Add additional Access-Control-Allow-Headers for jawn API

[use-tusk[bot]]

This PR updates the Access-Control-Allow-Headers configuration in valhalla/jawn/src/index.ts to include two new headers: x-vercel-set-bypass-cookie and x-vercel-protection-bypass. These headers have been added to the CORS settings in both the app.options("*", ...) function and the app.use((req, res, next) => { ... }) middleware function. This allows the application to accept these custom headers in cross-origin requests, ensuring consistent CORS behavior.

---

Tips:

• Make sure to test changes before merging.
• Submit a "Request Changes" review to address nits. If major changes are needed, retry the issue from the Tusk app with additional context.
• Close this PR with a comment if it's obviously incorrect. This will improve my future PRs.
• Go to the Tusk activity logs to see more details.