Support CORS on AT-TLS

[pablocarle]

Is your feature request related to a problem? Please describe.
AT-TLS support for UIs currently requires additional configuration on the services' side if they are going to send requests affected by CORS.

i.e. they need to provide additional metadata:

        "apiml.corsEnabled": "true",
        "apiml.corsAllowedOrigins": <gateway_url>,<apicatalog_url>

This is because in API ML perspective the server runs with SSL disabled under these conditions and it is a different URL as the one coming from the browser on AT-TLS (https)

This is something we also use as a workaround for our own applications to work with AT-TLS (for the API Catalog)

This is also not properly documented for extenders.

Describe the solution you'd like

API ML should take into account the AT-TLS settings, which it already uses, to handle this scenario without the need to have additional metadata from services.

[EvaJavornicka]

Related docs:
https://docs.zowe.org/stable/user-guide/api-mediation/configuration-cors/
https://docs.zowe.org/stable/user-guide/configuring-at-tls-for-zowe-server/#zowe-desktop-tn3270-or-vt-terminal-websocket-1006-errors