feat: add CORS support to registry API

[ironsteadlabs]

CORS Support Missing in MCP Registry

Problem

The MCP Registry server does not implement CORS headers, preventing browser-based applications from accessing the registry API.

Current behavior:

• OPTIONS preflight requests return 404 instead of proper CORS headers
• API responses do not include Access-Control-Allow-Origin headers
• Browser-based clients cannot make cross-origin requests to the API

Testing current behavior:

# OPTIONS preflight request fails
curl -i -X OPTIONS http://localhost:8080/v0/servers \
  -H "Origin: https://example.com" \
  -H "Access-Control-Request-Method: GET"
# Returns: 404 Not Found

# GET request succeeds but has no CORS headers
curl -i http://localhost:8080/v0/servers \
  -H "Origin: https://example.com"
# Returns: 200 OK (but no Access-Control-Allow-Origin header)

Real-World Example

While setting up GitHub Enterprise MCP controls, I encountered this issue when trying to use the registry with VS Code Insiders:

1. Attempted to configure a private MCP registry using this Go server implementation
2. VS Code Insiders could not fetch server listings from the registry
3. After debugging, discovered the issue was missing CORS headers blocking the API calls
4. Found that both the official registry at registry.modelcontextprotocol.io and private registries built with this codebase have the same limitation
5. Had to implement a reverse proxy with CORS headers as a workaround

This affects browser extensions, web-based tools, VS Code Web/Insiders, and any client-side applications trying to browse available MCP servers.