[TOB] allow the restriction of CORS origins

[ljedrz]

Cc @zosorock, as this is probably most applicable to services run atop the REST server.

Finding: TOB-ALEO-23

[vvp]

Alternatively, instead of this PR we could remove the direct CORS support from REST API and let node operators run a reverse proxy for snarkOS in which the CORS is configured (e.g. nginx), if they need it.

This option would simplify our codebase and allow more flexible CORS configurations, but it would also add that extra step and operational overhead when integrating snarkOS into websites via REST (unsure how common use case that'll be).

[howardwu]

This is already guarded using firewalls today.