Add corsheaders app so that responses delivered for /api routes contain
proper CORS headers required by clients running in browsers constrained
by same-origin policies.
Note: /media/ routes are configured in the default configuration because
the development web server should immitate the behaviour of a production
web server. However CORS headers will not be present on a production
server if not configured separately, because the /media/ path is
handled by the static file serving mechanism of common web servers.