Support for OPTIONS requests

[alukach]

As per opengeospatial/ogcapi-features#1005 and stac-api-extensions/transaction#15, OPTIONS requests should reflect the access control imposed by the server.

Being that the STAC Auth Proxy imposes its own access controls, we should validate that the server behaves in such a manner.

[alukach]

In #76, we explicitly altered the proxy to skip auth enforcement on OPTIONS requests. Requiring that clients manually send their own pre-flight request with credentials seems like something that would be non-default behavior. As such, this feature should be tucked behind an optional feature flag.