Remove Access-Control-Allow-Credentials header

This header is only relevant if dealing with authentication via cookies
or other methods in HTTP requests. The Pelias API intentionally doesn't
deal with authentication at all, assuming anyone who wants
authentication will deal with it using a service placed between Pelias
and end users.

Additionally the CORS spec [does not allow](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Credentialed_requests_and_wildcards)
specifying this header while setting a wildcard for
`Access-Control-Allow-Origin`, so it can cause problems in some cases.

Fixes https://github.com/pelias/api/issues/971

middleware/cors.js

@@ -3,8 +3,7 @@ function middleware(req, res, next){
   res.header('Access-Control-Allow-Origin', '*');
   res.header('Access-Control-Allow-Methods', 'GET, OPTIONS');
   res.header('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
-  res.header('Access-Control-Allow-Credentials', true);
   next();
 }
 
-module.exports = middleware;
+module.exports = middleware;

test/ciao/CORS/headers_GET.coffee

@@ -6,4 +6,3 @@ path: '/'
 response.should.have.header 'Access-Control-Allow-Origin','*'
 response.should.have.header 'Access-Control-Allow-Methods','GET, OPTIONS'
 response.should.have.header 'Access-Control-Allow-Headers','X-Requested-With,content-type'
-response.should.have.header 'Access-Control-Allow-Credentials','true'

test/ciao/CORS/headers_OPTIONS.coffee

@@ -7,4 +7,3 @@ method: 'OPTIONS'
 response.should.have.header 'Access-Control-Allow-Origin','*'
 response.should.have.header 'Access-Control-Allow-Methods','GET, OPTIONS'
 response.should.have.header 'Access-Control-Allow-Headers','X-Requested-With,content-type'
-response.should.have.header 'Access-Control-Allow-Credentials','true'