Fix JP2/WEBP detection, Link header, CORS origin

[dpb587]

Hi - I ran into a few errors when running this - both locally and from iiif.io, so I wanted to propose changes from my findings. It's not clear to me if this repository is still maintained so kept them in a single PR for my own simplicity, but can resubmit to split them up for acceptance or discussion if you prefer.

More technical details are documented in the commit messages, so, to summarize:

• WEBP format (bug fix) - correctly identify magic header, seemingly related to a Python3 upgrade (previously the test result was a false negative)
• JP2 format (bug fix) - correctly invoke magic library, unsure the cause of this regression (previously it was an uncaught exception)
• Link header (bug fix) - allow semicolons in URIs (previously it was an uncaught exception)
• CORS (behavior change) - expanded support to accept origin-specific response headers (i.e. http://iiif.io) instead of only a wildcard (previously this case was unsupported)

Also, I'm not too sure about the testing practices for discovering if I'm breaking any expectations or simply misunderstood an expected failure. I'd be happy to amend this for test coverage after more guidance.

I would appreciate any feedback you might have on the changes - thanks!