CORS + Cookies flags

[otherview]

Description

This is a tentative fix for https://github.com/vechain/b3tr/issues/1123#issuecomment-2219331553

Issue:

• CORS Allowed Origins set to "*" can not be used with "Credentials: true" Link with more info here The standard suggestion fix seems to be : If, instead, you need to adjust the server's behavior, you'll need to change the value of Access-Control-Allow-Origin to grant access to the origin from which the client is loaded.

This PR adds the following flags: api-allowed-creds and api-allowed-origins that used together changes the response headers so that it's ok to use Cookies and CORS.

api-allowed-creds sets the Access-Control-Allow-Credentials header to true. api-allowed-origins sets the Access-Control-Allow-Origin to be set as the Origin request.

Example: Before Request{ Type:GET, To:www.yahoo.com, Header{'Origin:www.google.com', 'Access-Control-Allow-Credentials: true'}} Response{ Type:GET, To:www.yahoo.com, Header{Access-Control-Allow-Origin:"*"}} - which fails

With flags enabled Request{ Type:GET, To:www.yahoo.com, Header{'Origin:www.google.com', 'Access-Control-Allow-Credentials: true'}} Response{ Type:GET, To:www.yahoo.com, Header{Access-Control-Allow-Origin:"www.google.com", 'Access-Control-Allow-Credentials: true'}} - which is ok

Fixes # (issue)

Type of change

Please delete options that are not relevant.

• [x] Bug fix (non-breaking change which fixes an issue)
• [x] New feature (non-breaking change which adds functionality)

How Has This Been Tested?

• [x] Manually tested
• [ ] api_tests.go

Checklist:

• [x] My code follows the style guidelines of this project
• [x] I have performed a self-review of my code
• [x] I have commented my code, particularly in hard-to-understand areas
• [x] I have made corresponding changes to the documentation
• [x] My changes generate no new warnings
• [x] I have added tests that prove my fix is effective or that my feature works
• [x] New and existing unit tests pass locally with my changes
• [x] New and existing E2E tests pass locally with my changes
• [x] Any dependent changes have been merged and published in downstream modules
• [x] I have not added any vulnerable dependencies to my code

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 0% with 16 lines in your changes missing coverage. Please review.

Project coverage is 62.63%. Comparing base (e5d76aa) to head (7180749).

Files	Patch %	Lines
api/api.go	0.00%	8 Missing :warning:
cmd/thor/main.go	0.00%	8 Missing :warning:

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #790 +/- ## ========================================== - Coverage 62.65% 62.63% -0.03% ========================================== Files 199 199 Lines 18196 18210 +14 ========================================== + Hits 11401 11405 +4 - Misses 5713 5724 +11 + Partials 1082 1081 -1 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[kgapos]

Now that google scraps their plan to block 3rd party cookies, perhaps it's a good idea to explore this implementation further?