Set CORS header for ES endpoint
For accessing the ES index endpoint within third-party applications, we must set a CORS header: Access-Control-Allow-Origin:*
(The concrete demand comes from an application in development by @literarymachine that creates svg diagrams based on ES queries (and, thus, is a lightweight method for creating visualisations unlike the very complex Kibana).