Allow disabling of CORS

It is desirable to disable CORS for development purposes in order to
validate same-origin policy and web security concepts. Additionally,
json-server could be used to show proxy concepts.

This change adds a new CLI option `--no-cors` which disables CORS by not
adding the CORS middleware. The change is backwards compatible since the
default behavior, i.e. adding CORS headers is retained.