Allow configuration of CORS headers for API access from web clients

[thgossler]

What is the problem you're trying to solve I want to use something like JoxIt/docker-registry-ui as a custom user interface for an Azure Container Registry because the Azure Portal UI doesn't support filtered access based on tokens and scope maps but only based on Entra Security Principals.

Describe the solution you'd like CORS config UI section and API for ACR allowing to set the usual "Access-Control-Allow-..." headers for this resource. With a custom domain configured ACR should support configuring allowance for same-site requests in contrast to the default same-origin requests so that a self-hosted registry UI under the same site but a different origin is possible (i.e. common parent domain name with different subdomain).

Additional informstion Currently, this can be worked around by setting up a reverse proxy server in the backend and rewrite the requests on pass-through to the ACR endpoints. But this is very cumbersome and there seem to be no good reasons why the API should not usable from external web clients directly.

[sajayantony]

Adding @terencet-dev