fix: add missing Access-Control-Expose-Headers values

What does this MR do?

Fixes #194897 (closed)

It's best to include these headers only in relevant APIs, but couldn't find a good way to do it (also relevant for the other currently exposed headers).

Screenshots

Ran the following command in my local dev environment: curl --head --header "Authorization: Bearer **********" --header 'Origin: http://localhost:8080' http://localhost:3000/api/v4/projects/flightjs%2Fflight/repository/files/Makefile\?ref\=master

Result:

HTTP/1.1 200 OK
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link, X-Total, X-Total-Pages, X-Per-Page, X-Page, X-Next-Page, X-Prev-Page, X-Gitlab-Blob-Id, X-Gitlab-Commit-Id, X-Gitlab-Content-Sha256, X-Gitlab-Encoding, X-Gitlab-File-Name, X-Gitlab-File-Path, X-Gitlab-Last-Commit-Id, X-Gitlab-Ref, X-Gitlab-Size
Access-Control-Max-Age: 7200
Cache-Control: no-cache
Content-Length: 345
Content-Type: application/json
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Gitlab-Blob-Id: c39e6b86c90382b03822c9b26535fde8c39bb9a1
X-Gitlab-Commit-Id: f15b32277d2c55c6c595845a87109b09c913c556
X-Gitlab-Content-Sha256: 41948282484dd60cdf0be8ee5d311c178c7dc1e74b8acc8622275b4671649449
X-Gitlab-Encoding: base64
X-Gitlab-File-Name: Makefile
X-Gitlab-File-Path: Makefile
X-Gitlab-Last-Commit-Id: 63cc70e28975c25ba092a219dbbd77b2bc1e9561
X-Gitlab-Ref: master
X-Gitlab-Size: 899
X-Request-Id: CNxg5BoqCV7
X-Runtime: 0.441534
Date: Sun, 12 Jan 2020 06:54:28 GMT

Does this MR meet the acceptance criteria?

Conformity

• Changelog entry
• Documentation (if required)
• Code review guidelines
• Merge request performance guidelines
• Style guides
• Database guides
• Separation of EE specific content

Availability and Testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
• Tested in all supported browsers

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

• Label as security and @ mention @gitlab-com/gl-security/appsec
• The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
• Security reports checked/validated by a reviewer from the AppSec team