Spring Security Add Cross-Origin-Resource-Policy security header

Related #9385

Expected Behavior

Allow to add Cross-Origin-Resource-Policy header via dsl and xml.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)

Current Behavior

Currently those headers can only be provided via custom headers.

Context When Cross-Origin-Embedder-Policy is set to require-corp, and if a cross origin resource supports CORS, the crossorigin attribute or the Cross-Origin-Resource-Policy header must be used to load it without being blocked by COEP. So when adding the support for Cross-Origin-Embedder-Policy we should also add support for Cross-Origin-Resource-Policy via dsl and xml.

Comment From: eleftherias

Closed via #10141