Add HTTP.CORS environment configuration to better support decoupled local development

[ben-hamelin]

With a decoupled architecture it can be challenging to support testing without proper CORS configuration in both the frontend application and the Elastic instance.

Can we consider adding http.core config to the compose file? e.g.
environment: - "http.cors.allow-origin=*" - "http.cors.enabled=true" - "http.cors.allow-headers=X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization,Access-Control-Allow-Origin,Access-Control-Request-Headers" - "http.cors.allow-credentials=true" - "http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE"

Or alternatively, maybe a simple README update on how to override this if needed, similar to the memory note that is already in place.

[rfay]

A PR should be easy right? It will be welcome. It won't do any harm, true? I'm surprised that front-end would be accessing elasticsearch directly.

[ben-hamelin]

Thanks @rfay ! Drafted the initial PR: #19
As this is my first contribution I want to spend some time reviewing the tests, documentation as well.
If anything stands out right away please let me know!