e2e: use explicit values for Access-Control-Allow-Origin

[galargh]

Currently, we use Access-Control-Allow-Origin: ["*"] in our E2E setup. As raised https://github.com/ipfs/ipfs-companion/pull/1121#discussion_r1053853150, we could try to be more explicit with access control.

See https://github.com/ipfs/ipfs-companion/pull/1121#discussion_r1071958675 for prior attempts description.

[lidel]

Sorry for naive question if this was discussed before, but why do we need these CORS headers at all?

Companion should work without asking user to set any special headers, and out e2e tests should validate that it works "out-of-the-box" with IPFS Desktop.

• For Chromium and MV3 we have safelisted extension origin https://github.com/ipfs/kubo/pull/8690
• For older Chromium and Firefox,where origin is unique per user, we have access to blocking webRequest API, so we lift CORS limitation here

Can we remove explicit values for Access-Control-Allow-Origin, so we test real world use of RPC port?