Serve CORS headers on the browser-facing Stripe charge interface

A browser cannot currently make the cross-origin HTTP request necessary to complete the payment process.

The server needs a CORS header in the response on the Stripe charge endpoint which indicates the browser should allow the request from the domain hosting the web frontend to the domain hosting the payment server.

The server also needs to respond to an OPTIONS preflight request for the resource.