Add config to handle cors

[amarjeetanandsingh]

Hi
I agree with the point mentioned in this comment that we should not allow the POST /package API from the browser by default as it modifies the system.

However, I am not very convinced with the approach we are taking to disable this feature from a browser.

Impact of no cors-

• Difficult POC: We'll need NGINX or similar proxy servers to manipulate headers. This initially demands resources/time/effort which drops the motivation of the adoption of Piston.

Proposed Solution:

• We can control the cors from the piston config, disabled by default(current behavior). However, we can discuss enabling it in docker-compose.dev.yml
• In case we really want to be careful with the POST /packages API-
  • We can enable this feature(POST /packages endpoint) based on a config.
  • Or we decouple the system-impacting feature from user-facing endpoint list. we can provide a small script kind of tool to install a package manually inside /piston/packages dir.

In case we can conclude on this, I'll be happy to contribute to the implementation :-)