Check that CORS-related headers are set correctly

[ithinkihaveacat]

ampbench should implement the tests described at "Testing CORS in AMP" (more information about CORS and AMP).

Rationale: for many interactive AMP pages to behave correctly when viewed on an AMP Cache, the origin needs to respond in a particular way to browsers' requests so that the CORS mechanism is successfully negotiated, and the browser has access to all the resource (e.g. fonts, POST endpoints) that it requires to correctly render the page.

[ithinkihaveacat]

This has become more urgent after bing released their AMP cache. Since most origins don't whitelist bing, any components that require CORS don't work.

The menu on all theguardian.com pages comes in via <amp-list>, and it's completely blank when viewed via Bing's cache, compare:

https://www.bing-amp.com/c/s/amp.theguardian.com/world/2018/sep/19/boorish-tourists-in-venice-targeted-in-mooted-sitting-down-ban?amp_js_v=0.1

https://amp-theguardian-com.cdn.ampproject.org/c/s/amp.theguardian.com/world/2018/sep/19/boorish-tourists-in-venice-targeted-in-mooted-sitting-down-ban

[ithinkihaveacat]

The code for this is mostly in: https://github.com/ampproject/ampbench/blob/master/amp-story/linter/index.ts (is used for bookend tests for AMP Story).