`extractHeaders` had an incorrect regex that crashed Corsy with the msg:
"sre_constants.error: nothing to repeat at position 1". This was caused
by `^?`, which is not a valid regex, and can be reproduced with the
README example: `python3 corsy.py -u https://example.com --headers
"User-Agent: GoogleBot\nCookie: SESSION=Hacked"`.
Instead of using the regex this commit simplifies the logic by using a
`split` to split lines and header_name/value pairs.
Previously there was a missing call to `headers = requester(url, scheme,
header_dict, origin)` in the "origin reflected" check. This meant that
the code was not using the intended origin (`origin = root + '://' +
'example.com'`). Intead, the check incorreclty used the headers from the
first request (with `origin = scheme + '://' + root`). This commit fixes
this problem by making the missing request.
