Firebase Functions overly permissive CORS policy
Detects HTTP-triggered functions where the Access-Control-Allow-Origin header is set to the wildcard *, especially for functions handling sensitive data or authenticated sessions. This allows any website to make requests to the function, potentially leading to data exfiltration or CSRF-like attacks.
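
The flagged pattern next to a hardened form, as an added example that is not part of the rule itself. The handlers have the (req, res) shape of the callback passed to functions.https.onRequest; the handler names, the allowlisted origins, the payload and the simulate helper are assumptions made for illustration.

```javascript
// Flagged pattern: the wildcard lets any origin read the response.
function insecureHandler(req, res) {
  res.set('Access-Control-Allow-Origin', '*');
  res.status(200).json({ email: 'user@example.com' }); // constructed payload
}

// Hypothetical allowlist of the front ends that are meant to call the function.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Hardened form: echo the Origin header only on an exact allowlist match.
function hardenedHandler(req, res) {
  const origin = req.get('Origin');
  res.set('Vary', 'Origin'); // caches must not reuse a response across origins
  if (origin && !ALLOWED_ORIGINS.has(origin)) {
    res.status(403).json({ error: 'origin not allowed' });
    return;
  }
  if (origin) res.set('Access-Control-Allow-Origin', origin);
  if (req.method === 'OPTIONS') { // preflight: answer without running the handler body
    res.set('Access-Control-Allow-Methods', 'GET, POST');
    res.set('Access-Control-Allow-Headers', 'Authorization, Content-Type');
    res.status(204).send('');
    return;
  }
  res.status(200).json({ email: 'user@example.com' }); // constructed payload
}

// Minimal stand-ins for the Express-style req/res objects so this runs offline.
function simulate(handler, method, origin) {
  const out = { status: null, headers: {}, body: null };
  const req = {
    method,
    get: (name) => (name.toLowerCase() === 'origin' ? origin : undefined),
  };
  const res = {
    set(key, value) { out.headers[key] = value; return res; },
    status(code) { out.status = code; return res; },
    json(body) { out.body = body; return res; },
    send(body) { out.body = body; return res; },
  };
  handler(req, res);
  return out;
}
```

Requests that carry no Origin header (for example server-to-server calls) pass the origin check, so the function still needs its own authentication.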