Set a CORS header on /configuration so the signup page is allowed to use it

[exarkun]

We want the signup page to load Stripe configuration from the backend to avoid having to repeat that configuration across multiple repositories. The signup page and the backend are hosted on different domains, though. The signup page therefore is not allowed to request the backend's configuration resource unless an Access-Control-Allow-Origin header with the correct value is included in the response.

Add such.