GHSA-2452-6xj8-jh47
GitHub Security Advisory
Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Advisory Details
### Summary
Nuxt's default CORS settings allow any website to send arbitrary requests to the development server and read the response.
### Details
While Vite patched its default CORS settings to fix https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6, Nuxt uses its own CORS handler by default (https://github.com/nuxt/nuxt/pull/23995).
https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/client.ts#L257-L263
That CORS handler sets `Access-Control-Allow-Origin: *`.
> [!IMPORTANT]
> On an affected version, it may be possible to opt out of the default Nuxt CORS handler by configuring `vite.server.cors`.
### PoC
1. Start a dev server in any Nuxt project that uses Vite with `nuxt dev`.
2. Send a fetch request to `http://localhost:3000/_nuxt/app.vue` (`fetch('http://localhost:3000/_nuxt/app.vue')`) from a different origin page.
### Impact
Users of the Vite builder who keep the default `server.cors` option may have their source code stolen by malicious websites.
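A self-check a maintainer can run against a local dev server, added here as an example and not part of the advisory or of Nuxt/Vite: it sends the PoC request with a foreign `Origin` header and classifies the `Access-Control-Allow-Origin` header that comes back, and it shows the shape of an origin-allowlist of the kind `vite.server.cors` can be set to. The attacker origin, the `--probe` flag and the function names are assumptions; the URL and path are the ones named in the PoC.

```javascript
// Classify whether a page on `pageOrigin` could read a non-credentialed
// cross-origin fetch() response that carried `headers` (lower-cased names).
function corsExposure(pageOrigin, headers) {
  const acao = headers['access-control-allow-origin'];
  if (acao === undefined) return 'not-readable';        // no CORS grant at all
  if (acao === '*') return 'readable-by-any-origin';    // the vulnerable default
  // Exact match only; an echoed Origin would also land here.
  return acao === pageOrigin ? 'readable-by-this-origin' : 'not-readable';
}

// Probe a running dev server the way a foreign page would (Node 18+ fetch).
// Assumption: Node's fetch forwards the Origin header we set.
async function probeDevServer(
  url = 'http://localhost:3000/_nuxt/app.vue',
  pageOrigin = 'https://attacker.example', // constructed, hypothetical origin
) {
  const res = await fetch(url, { headers: { Origin: pageOrigin } });
  const headers = Object.fromEntries(res.headers.entries()); // lower-cased
  return { status: res.status, exposure: corsExposure(pageOrigin, headers) };
}

// Hardened behaviour: an origin allowlist that only grants ACAO to listed
// origins and never emits `*`. Illustrates the shape of a `server.cors`
// origin restriction; it is not Vite's own implementation.
function allowlistCors(allowedOrigins) {
  return (requestOrigin) =>
    allowedOrigins.includes(requestOrigin)
      ? { 'access-control-allow-origin': requestOrigin, vary: 'Origin' }
      : {};
}

if (process.argv.includes('--probe')) {
  probeDevServer()
    .then((r) => console.log(JSON.stringify(r)))
    .catch((e) => console.error('probe failed:', e.message));
}
```

Run `node check.js --probe` while `nuxt dev` is up; `readable-by-any-origin` means the wildcard handler is active.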
### Additional Information
`/__nuxt_vite_node__/manifest` / `/__nuxt_vite_node__/module` also seem to have `Access-Control-Allow-Origin: *`, so it may also be possible to exploit that handler.
https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/vite-node.ts#L39
Although I didn't find a valid module id.
Note that this handler is probably also vulnerable to DNS rebinding attacks as I didn't find any host header checks.
Dataset
Data from GitHub Advisory Database. This information is provided for research and educational purposes.