Hard coded value for allowed origins

[s-jairl]

The file "internal/apigw/httpserver/service.go" contains hard coded CORS configuration:

[...]
AllowOrigins:     []string{"https://dc4eu.wwwallet.org", "https://demo.wwwallet.org", "https://dev.wallet.sunet.se", "https://sunetwallet-dev.app.siros.org/"},
[...]

In order to avoid per-deployment forking, this value should preferably be read from "config.yaml" or some other source instead.

[masv3971]

#246