oauth2: wellknown should use corsMiddleware

[JiaLiPassion]

Related issue

@aeneasr, as discussed in chat. The issue is,

• Situation: I have set the CORS_ENABLED=true, but still get No 'Access-Control-Allow-Origin' header is present error when access .well-known/openid-configuration,I checked the logs, there is hydra_1 | time="2018-10-23T11:30:20Z" level=info msg="Enabled CORS" in the log, I also tried set CORS_ALLOWED_ORIGINS=*, but still not work, but it will work in v0.11.12.

• Reason: https://github.com/ory/hydra/blob/master/cmd/server/handler.go#L99, Public server doesn't use the CORS_ENABLED flag.

Proposed changes

Use CORS_ENABLED flag also for public server.

Checklist

• I have read the contributing guidelines
• I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security
  vulnerability, I confirm that I got green light (please contact hi@ory.sh) from the maintainers to push the changes.
• I signed the Developer's Certificate of Origin
  by signing my commit(s). You can amend your signature to the most recent commit by using git commit --amend -s. If you
  amend the commit, you might need to force push using git push --force HEAD:<branch>. Please be very careful when using
  force push.
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation within the code base (if appropriate)
• I have documented my changes in the developer guide (if appropriate)

Further comments

[aeneasr]

Perfect, thanks!