test: add integration tests for CORS with various origin configurations

[mahmoodhamdi]

What

Added 10 Express integration tests (via supertest) covering CORS scenarios not exercised by the existing example-app tests, and fixed deprecated app.del() usage in the README.

Why

The existing integration tests in test/example-app.js only test default CORS (wildcard origin). Real-world usage often involves specific origins, dynamic origin functions, regex patterns, and credentials — none of which had integration-level coverage through Express.

While working with cors in my Express APIs, I noticed these gaps and wrote tests that validate the middleware works correctly end-to-end in an Express app for:

Specific origin with credentials:

• Verifies Access-Control-Allow-Origin, Access-Control-Allow-Credentials, Access-Control-Expose-Headers, and Vary headers on actual requests
• Verifies preflight responses include Access-Control-Max-Age and credentials

Dynamic origin function:

• Allows matching origin (primary)
• Allows second matching origin from the allowed list
• Rejects non-matching origin (no Access-Control-Allow-Origin header)

Regex origin:

• Allows subdomain matching via regex
• Rejects non-matching origin

Array of origins (mixed string + regex):

• Allows exact string match from array
• Allows regex match from array
• Rejects non-matching origin

Docs fix:

• Changed app.del() to app.delete() in the pre-flight example — app.del() is a deprecated alias removed in Express 5

Testing

59 passing (48ms)

----------|---------|----------|---------|---------|-------------------
File      | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
----------|---------|----------|---------|---------|-------------------
All files |     100 |      100 |     100 |     100 |
 index.js |     100 |      100 |     100 |     100 |
----------|---------|----------|---------|---------|-------------------

• All 59 tests pass (49 existing + 10 new)
• Lint passes
• 100% coverage maintained