docs(api): add CORS_ALLOWED_ORIGIN to .env.example

Adds the `CORS_ALLOWED_ORIGIN` environment variable to the example
configuration file. This synchronizes the `.env.example` with the
existing documentation and recent CORS-related code changes, ensuring
developers are aware of this required setting for production deployments.

Author: fulleni

.env.example

@@ -2,4 +2,9 @@
 # Copy this file to .env and fill in your actual configuration values.
 # The .env file is ignored by Git and should NOT be committed.
 
-DATABASE_URL="mongodb://user:password@localhost:27017/ht_api_db"
+DATABASE_URL="mongodb://user:password@localhost:27017/ht_api_db"
+
+# (Optional for Production) The specific origin URL of your web client (e.g., the HT Dashboard).
+# This is required for production deployments to allow cross-origin requests.
+# For local development, this can be left unset as 'localhost' is allowed by default.
+# CORS_ALLOWED_ORIGIN="https://your-dashboard.com"