Set the correct CORS headers for Wasm

[johnpryan]

We need to make sure our firebase hosting configuration and any important endpoints return the correct CORS headers in order to use SharedArrayBuffer.

To test with Wasm locally, you can set these headers using dhttpd:

$ flutter clean
$ flutter build web --wasm
$ dhttpd '--headers=Cross-Origin-Embedder-Policy=require-corp;Cross-Origin-Opener-Policy=same-origin;Cross-Origin-Resource-Policy=cross-origin' --path=build/web

These headers will also need to be configured in our firebase hosting configuration.

We also need to set the Cross-Origin-Resource-Policy header to cross-origin for these two files:

• https://storage.googleapis.com/nnbd_artifacts/3.4.3/dart_sdk.js
• https://storage.googleapis.com/nnbd_artifacts/3.4.3/flutter_web.js

Unfortunately, it's not possible to set arbitrary headers on a Cloud Storage bucket, at least by following these instructions: Set CORS configuration on a bucket. There's no option to set the Cross-Origin-Resource-Policy header to cross-origin, only the access-control-allow-origin header (AFAICT).

We could proxy requests for these files through dart-services and provide the necessary headers to the response.

[johnpryan]

We maybe be able to configure requirejs (used by DDC) to load these modules with the crossorigin="anonymous" attribute: https://github.com/requirejs/requirejs/issues/1550