Add CORS headers to returned avatars

Hello! 👋

Could you consider adding CORS header (Access-Control-Allow-Origin: *) to avatar image responses? Gravatar uses it and it allows fetching avatars without cookies or any other tracking information through <img src="..." crossorigin=anonymous>

More details here: https://developer.mozilla.org/en-US/docs/Web/HTML/CORS_settings_attributes

Reported here: https://photog.social/users/libravatar/statuses/102265339201031638