feat(core): migrate to allowedOriginPatterns for credentialed CORS #46

Open
OmarAitBenaissa wants to merge 1 commit into main from feat/Update-cors-configuration-to-allowedPatterns-origins
@OmarAitBenaissa
Collaborator

PR Description

This pull request updates the application's CORS configuration to use allowed-origin-patterns and allowed-origins, aligning with more flexible and modern Spring CORS configuration practices. The change ensures that origin matching can use patterns (such as wildcards), which is more robust for various deployment scenarios.

What this PR Provides

CORS Configuration Updates:

  • Changed the CorsProperties record to use allowedOriginPatterns and allowedOrigins, and updated the null check accordingly (CorsProperties.java).
  • Updated the corsConfigurationSource bean to call setAllowedOriginPatterns instead of setAllowedOrigins (SecurityConfiguration.java).

Configuration File Adjustments:

  • Modified application.yml to use the allowed-origin-patterns property and its corresponding environment variable, replacing allowed-origins (application.yml).

… prevent wildcard + credentials conflicts and allows controlled subdomain matching.

Review

The reviewer must double-check these points:

  • The reviewer has tested the feature
  • The reviewer has reviewed the implementation of the feature
  • The documentation has been updated
  • The feature implementation respects the Technical Doc / ADR previously produced

… prevent wildcard + credentials conflicts and allows controlled subdomain matching.

Signed-off-by: OmarAitBenaissa <omar.aitbenaissa.partner@decathlon.com>
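
The behaviour this change relies on, as an added example that is not code from this PR or the project: Spring's `CorsConfiguration` rejects `allowedOrigins` containing `*` when credentials are enabled, while `allowedOriginPatterns` echoes back only a matched origin. The class name, the guard against a bare `*` pattern, and the `example.com` origins are assumptions constructed for illustration; it needs spring-web 5.3 or later on the classpath.

```java
import java.util.List;
import org.springframework.web.cors.CorsConfiguration;

// Added example (not the project's code); all origins below are constructed samples.
public class CorsPatternCheck {

    // Constructed sample pattern; the real value would come from application.yml.
    static final List<String> PATTERNS = List.of("https://*.example.com");

    static CorsConfiguration credentialed(List<String> patterns) {
        // Guard (an assumption of this example): a bare "*" pattern would echo
        // back every Origin while credentials are allowed, so refuse it up front.
        if (patterns.contains("*")) {
            throw new IllegalArgumentException("bare '*' pattern not allowed with credentials");
        }
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowedOriginPatterns(patterns);
        config.setAllowCredentials(true);
        config.validateAllowCredentials(); // passes: patterns are compatible with credentials
        return config;
    }

    public static void main(String[] args) {
        // Exact-origin list holding "*" plus credentials fails Spring's validation.
        CorsConfiguration wildcard = new CorsConfiguration();
        wildcard.setAllowedOrigins(List.of("*"));
        wildcard.setAllowCredentials(true);
        try {
            wildcard.validateAllowCredentials();
            System.out.println("wildcard + credentials: accepted");
        } catch (IllegalArgumentException e) {
            System.out.println("wildcard + credentials: rejected by Spring");
        }

        CorsConfiguration config = credentialed(PATTERNS);
        // checkOrigin returns the value for Access-Control-Allow-Origin, or null if denied.
        for (String origin : List.of(
                "https://app.example.com",             // subdomain of the pattern
                "https://example.com",                 // apex, no subdomain label
                "https://app.example.com.other.test",  // pattern appears only as a prefix
                "http://app.example.com")) {           // different scheme
            String allowed = config.checkOrigin(origin);
            System.out.println(origin + " -> " + (allowed != null ? "allowed" : "denied"));
        }
    }
}
```
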
@CLAassistant
CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
