[PATCH] debuginfod: add CORS support
Frank Ch. Eigler
fche@redhat.com
Sun Dec 8 13:19:28 GMT 2024
Hi -
> [...]
> I think it will allow public web clients to exfiltrate debuginfo data
> from debuginfod servers on private intranets. Previously, the
> cross-origin restrictions on web content would have prevented that.
Yes, this is the flip side of the CORS default coin. ISTM the
convenience is a larger benefit than this risk. Users that disagree
can do the reverse-proxy header-filtering to defeat it. 'course we
can also be more noncommittal and make it a command line option.
- FChE