Add `replace_asterisk_with_origin` option for Acces-Control-Allow-Origin

Add `replace_asterisk_with_origin` option for Acces-Control-Allow-Origin

If you have multiple allowed origins and require `allow_credentials` to be true, CORS might be a problem since it blocks all requests with Allow-Origin "*" in combination with Credentials. Therefore this feature adds a config paramter `replace_asterisk_with_origin`. If it is set to `yes` and the passed `Access-Control-Allow-Origin` is an asterisk, this will be replaced by the origin of the request in the corresponding response.