Clarify CORS header usage for neighbours list

[moisseev]

• Explained the necessity of a valid entry in neighbours for CORS header.
• Fixed minor formatting and phrasing issues.

[moisseev]

@vstakhov From a security perspective, is it acceptable to always allow any origin in the CORS policy?

Currently, we conditionally add the Access-Control-Allow-Origin: * header based on the presence of multiple servers in the neighbours list.

https://github.com/rspamd/rspamd/blob/7a94c375be320b2897277cbbf9fb6a73d9c44f3c/src/controller.c#L4031-L4034

However, if we always include this header, we could achieve the following benefits:

• Consistent CORS policies: This approach ensures uniform CORS policies across all deployments, whether they are single-server or clustered setups.
• Simplified configuration: It would simplify the configuration of cluster nodes by eliminating the need for neighbours sections.

Are there any security concerns or implications we should consider if we decide to always allow any origin?