
CORS configuration should be defined at each view function

Open OriHoch opened this issue 3 years ago • 0 comments

Currently CORS configuration is defined globally using regex of paths: https://github.com/hasadna/anyway/blob/dev/anyway/app_and_db.py#L30

This is problematic for these reasons:

  • security configurations should be defined as close as possible to the relevant code, to allow review and prevent mistakes which could open security holes
  • it's hard to keep track and understand how CORS is defined

Similar to the suggestion in #1925 - the best way to implement this is using a decorator on each function

This flask plugin supports it: https://flask-cors.readthedocs.io/en/latest/#route-specific-cors-via-decorator

OriHoch, Oct 05 '21 17:10
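The review problem described in the issue, as an added example that is not part of the original issue or the anyway code base: a small audit that compares a global path-regex CORS mapping against what each route's author intended. The patterns, routes, intent flags and the matching model (longest pattern first, `re.match`, case-insensitive) are constructed assumptions.

```python
import re

# Constructed, illustrative values (not taken from the anyway repository):
# a global path-regex -> CORS options mapping, and the app's routes, each
# tagged with whether its author meant it to be callable cross-origin.
GLOBAL_CORS_RESOURCES = {
    r"/api/.*": {"origins": "*"},
    r"/location-.*": {"origins": "*"},
}
ROUTES = [
    ("/api/news-flash", True),
    ("/api/admin/users", False),       # added later under /api/, silently covered
    ("/location-subscription", False),
    ("/v2/api/stats", True),           # intended, but no pattern reaches it
    ("/login", False),
]


def matching_pattern(path, resources):
    """Return the first pattern that covers `path`, or None.

    Assumed matching model: longest pattern first, anchored at the start of
    the path (re.match), case-insensitive.
    """
    for pattern in sorted(resources, key=len, reverse=True):
        if re.match(pattern, path, flags=re.IGNORECASE):
            return pattern
    return None


def audit(routes, resources):
    """List routes whose effective CORS state differs from the intent."""
    findings = []
    for path, intended in routes:
        pattern = matching_pattern(path, resources)
        if pattern is not None and not intended:
            findings.append((path, pattern, "CORS enabled but not intended"))
        elif pattern is None and intended:
            findings.append((path, None, "CORS intended but no pattern matches"))
    return findings


if __name__ == "__main__":
    for path, pattern, problem in audit(ROUTES, GLOBAL_CORS_RESOURCES):
        print(f"{path}: {problem} (pattern: {pattern})")
```

With a per-view decorator the intent flag and the effective setting live on the same function, so neither kind of mismatch can arise from a pattern defined elsewhere.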