Gateway CORS experiments

[futurechimp]

Experiment with browser client compatibility to see if there is any setup that doesn't trigger CORS problems for the TypeScript SDK when used in-browser.

a) Is there a cors file we can put in place such that a domain isn't required? b) Is there any way to make things work such that the browser's TLS checks can work really simply?

If the answer to either of those questions is "no", then we should build TLS directly into gateways, and also use a letsencrypt crate to make the domain setup part easy for gateway operators.