feat(server): enable CORS wildcard via Hono middleware

Adds Hono cors() middleware at top-level (app.use("*", cors())). This sets Access-Control-Allow-Origin: * for all routes, including preflight. If credentialed requests are needed later, we can switch to a dynamic origin function and set credentials: true.

Adding this to make it easier to access opencode server from the browsers / apps without having to build out reverse proxies to it.

this is added in dev already, I needed it for the desktop app, can you pull and make sure it's working for your case @ScriptedAlchemy?