Adding the possibility for CORS requests to the pursuit API

[mikesol]

I'm building a webapp where I'd like to add pursuit search, but fetch requests to pursuit are failing due to access control issues.

I think this could be solved by adding ie:

optionsSearchR :: Handler RepPlain
optionsSearchR = do
    addHeader "Access-Control-Allow-Origin" "*"
    addHeader "Access-Control-Allow-Methods" "GET, OPTIONS"
    return $ RepPlain $ toContent ("" :: Text)

getSearchR :: Handler TypedContent
getSearchR = do
    addHeader "Access-Control-Allow-Origin" "*"

Are there any objections to this? If not I'll make a PR.