allow cross origin requests for web wallets

[n8maninger]

Adds github.com/rs/cors and wraps the server mux to allow cross origin requests. This would be necessary to allow wallet.siacentral.com to access the endpoints.

[lukechampine]

thanks for the contribution!

I'm a bit torn on this, for two reasons:

• first, I don't like adding new dependencies. The cors package seems pretty widely used, so it's probably fine (especially now that go.mod will prevent the code from changing later), but I still might prefer to just copy the bits we need.
• second, this doesn't feel like it should be the responsibility of walrus. If we add it here, do we need to add it to every server that a website might want to talk to? It looks like you can handle CORS inside NGINX (and other web servers, I imagine). That seems preferable to me. We already do this with HTTPS: the walrus and shard servers don't serve HTTPS directly, they punt that to NGINX. Similarly, you don't run walrus as sudo and bind to port 80; you run a single process (NGINX) as sudo and have it reverse proxy each service. I like this separation of concerns; each individual server shouldn't have to worry about HTTPS and binding to privileged ports and all that jazz.

I think the second argument is pretty strong. There's just one reason that I have doubts, which is that it's annoying for a new user to have to install NGINX in order to run walrus properly. The average user just wants to run the binary and start using the web wallet.

On the other hand... the "average user" will probably start out using a lite wallet like narwal, and I can easily add CORS support to my narwal server. So narwal will "just work" with web wallets. Graduating from narwal to a local walrus full node already requires the user to get their hands a little dirty, so adding CORS to that burden doesn't seem terrible.

I guess I should add a more thorough "setup" guide for running walrus in conjunction with NGINX. You definitely need to be using HTTPS if you plan to talk to your walrus instance remotely, for example.

So for now I think my position is, "let's add CORS to narwal, and also write a guide for running walrus properly, including HTTPS and CORS." If enough people complain about the NGINX requirement, we can revisit it.

[lukechampine]

I've added some setup instructions to the README. Going to close this for now, but I'm open to further discussion if you think CORS really should be supported in walrus itself.