fix(api): CORS for connectRPC and grpc-web (#10227)

# Which Problems Are Solved

The CORS handler for the new connectRPC handlers was missing, leading to
unhandled preflight requests and a unusable api for browser based calls,
e.g. cross domain gRPC-web requests.

# How the Problems Are Solved

- Added the http CORS middleware to the connectRPC handlers.
- Added `Grpc-Timeout`, `Connect-Protocol-Version`,`Connect-Timeout-Ms`
to the default allowed headers (this improves also the old grpc-web
handling)
- Added `Grpc-Status`, `Grpc-Message`, `Grpc-Status-Details-Bin` to the
default exposed headers (this improves also the old grpc-web handling)

# Additional Changes

None

# Additional Context

noticed internally while testing other issues

internal/api/http/middleware/cors_interceptor.go

@@ -21,6 +21,9 @@ var (
 			http_utils.XUserAgent,
 			http_utils.XGrpcWeb,
 			http_utils.XRequestedWith,
+			http_utils.ConnectProtocolVersion,
+			http_utils.ConnectTimeoutMS,
+			http_utils.GRPCTimeout,
 		},
 		AllowedMethods: []string{
 			http.MethodOptions,
@@ -34,6 +37,9 @@ var (
 		ExposedHeaders: []string{
 			http_utils.Location,
 			http_utils.ContentLength,
+			http_utils.GrpcStatus,
+			http_utils.GrpcMessage,
+			http_utils.GrpcStatusDetailsBin,
 		},
 		AllowOriginFunc: func(_ string) bool {
 			return true