Revert static terminal CORS injection

- restore the AXS launch section in init-alpine.sh to the earlier source state without the explanatory allow-any-origin comments
- keep the default source startup command as plain axs invocation so allow-any-origin is no longer baked into source
- leave dynamic allow-any-origin handling to the outer build/deploy script when LAN debug injection is explicitly enabled

Author: 埃博拉酱

src/plugins/terminal/scripts/init-alpine.sh

@@ -265,19 +265,6 @@ chmod +x "$PREFIX/alpine/initrc"
 
 #actual source
 #everytime a terminal is started initrc will run
-# Required for the WebView's HTTP probe and terminal requests to localhost:8767.
-# Upstream Cordova commonly runs under https://localhost, which axs already
-# allows by default. In this repo, terminal startup and localhost readiness
-# probes can still originate from contexts outside axs's built-in default
-# allowlist. Without this CORS allowance, fetch() fails with
-# "TypeError: Failed to fetch" even though axs is already listening, which
-# triggers false repair/reinstall loops.
-# axs currently exposes only its default https://localhost policy or a global
-# allow-any-origin switch; it does not support an explicit origin allowlist yet.
-# Tightening this inside the shell wrapper is not possible: Origin validation has
-# to happen inside axs itself, where the HTTP request is handled. Until axs gains
-# per-origin CORS or an equivalent auth gate, keep this stopgap so terminal
-# startup and localhost readiness probes remain functional.
 "$PREFIX/axs" -c "bash --rcfile /initrc -i"
 
 else