http server --allow-origin argument to set cors headers

[substack]

This patch adds CORS headers when --allow-origin is given to the hyp drive http command. The headers are the same as ipfs uses which have probably been tested against many different scenarios by now.

With this patch, I can use fetch() in a web app to load proxied content from a hyper:// archive.