Fix: Resolve production CORS issues by moving CorsMiddleware before TenantMainMiddleware

Root cause: CorsMiddleware was positioned after TenantMainMiddleware, which
prevented CORS headers from being set. The tenant middleware processes requests
before CORS middleware could add the necessary headers.

Changes:
- Moved CorsMiddleware to first position in MIDDLEWARE stack
- Added CORS_ALLOW_ALL_ORIGINS configuration (for testing only)
- Updated production CORS regex to match both base and subdomains
- Created public tenant and registered production domains
- Re-enabled CORS_URLS_REGEX for API security

This fix ensures proper CORS headers are sent for cross-origin requests from
smoothschedule.com domains to api.smoothschedule.com.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

smoothschedule/config/settings/multitenancy.py

@@ -88,13 +88,15 @@ DATABASE_ROUTERS = [
 # CRITICAL: Order matters!
 
 MIDDLEWARE = [
-    # 1. MUST BE FIRST: Tenant resolution
+    # 0. CORS must be first to set headers before tenant resolution
+    'corsheaders.middleware.CorsMiddleware',
+
+    # 1. Tenant resolution
     'django_tenants.middleware.main.TenantMainMiddleware',
 
     # 2. Security middleware
     'django.middleware.security.SecurityMiddleware',
     'csp.middleware.CSPMiddleware',
-    'corsheaders.middleware.CorsMiddleware',  # Moved up for better CORS handling
     'whitenoise.middleware.WhiteNoiseMiddleware',
 
     # 3. Session & CSRF