Add `cors` with bedrock.config app-global options and export via `middleware`

[dlongley]

Add a bedrock-configurable version of the cors middleware and export it for use by routes. This would include, most importantly, a maxAge of 86400, which is the max acceptable age for modern browsers. There is little reason not to include this header in deployments.