Define Access-Control-Allow-Origin for CSS for assets.
To be sure the assets site serves the expected file, we can use the SRI,
Subresource Integrity mechanism to store a hash in the <link> tag.
If the URL does not support Cross-Origin Resource Sharing (CORS),
the SRI mechanism can't work. We so allow access from all origins.
Test Plan: Tested with D3119 to load D3135 CSS
Reviewed By: dereckson
Maniphest Tasks: T1881
Differential Revision: https://devcentral.nasqueron.org/D3136