Always respond with CORS headers on the Stripe charge endpoint

When a response doesn't include CORS headers, it is unavailable to JavaScript in the browser.

Unfortunately, the way CORS is implemented now, it seems like error responses often result in CORS headers being left out of the response. One specific example of this is that if the response body to /v1/stripe/charge fails to parse as a Charge then the response is:

HTTP/2 500 
date: Wed, 08 Apr 2020 12:04:39 GMT
server: Warp/3.2.28