CORS update duplicate existed headers except set only from data

[yura-shutkin]

Describe the bug

Cors Headers duplicates every time on update sys/config/cors

To Reproduce
Steps to reproduce the behavior:

1. Run docker run --rm --name=vault --network=host -t -e "VAULT_DEV_ROOT_TOKEN_ID=12345" vault:1.0.2
2. Run vault login
3. Run vault write sys/config/cors allowed_headers="X-My-Vault" allowed_origins="test"; vault read sys/config/cors
   See

Success! Data written to: sys/config/cors
Key                Value
---                -----
allowed_headers    [Content-Type X-Requested-With X-Vault-AWS-IAM-Server-ID X-Vault-MFA X-Vault-No-Request-Forwarding X-Vault-Wrap-Format X-Vault-Wrap-TTL X-Vault-Policy-Override Authorization X-Vault-Token X-My-Vault]
allowed_origins    [test]
enabled            true

4. Repeat step 3 and see

Success! Data written to: sys/config/cors
Key                Value
---                -----
allowed_headers    [Content-Type X-Requested-With X-Vault-AWS-IAM-Server-ID X-Vault-MFA X-Vault-No-Request-Forwarding X-Vault-Wrap-Format X-Vault-Wrap-TTL X-Vault-Policy-Override Authorization X-Vault-Token X-My-Vault Content-Type X-Requested-With X-Vault-AWS-IAM-Server-ID X-Vault-MFA X-Vault-No-Request-Forwarding X-Vault-Wrap-Format X-Vault-Wrap-TTL X-Vault-Policy-Override Authorization X-Vault-Token X-My-Vault]
allowed_origins    [test]
enabled            true

5. Run vault write sys/config/cors allowed_headers="X-Other-Header" allowed_origins="*"; vault read sys/config/cors
   See

Success! Data written to: sys/config/cors
Key                Value
---                -----
allowed_headers    [Content-Type X-Requested-With X-Vault-AWS-IAM-Server-ID X-Vault-MFA X-Vault-No-Request-Forwarding X-Vault-Wrap-Format X-Vault-Wrap-TTL X-Vault-Policy-Override Authorization X-Vault-Token X-My-Vault Content-Type X-Requested-With X-Vault-AWS-IAM-Server-ID X-Vault-MFA X-Vault-No-Request-Forwarding X-Vault-Wrap-Format X-Vault-Wrap-TTL X-Vault-Policy-Override Authorization X-Vault-Token X-My-Vault Content-Type X-Requested-With X-Vault-AWS-IAM-Server-ID X-Vault-MFA X-Vault-No-Request-Forwarding X-Vault-Wrap-Format X-Vault-Wrap-TTL X-Vault-Policy-Override Authorization X-Vault-Token X-Other-Header]
allowed_origins    [*]
enabled            true

Expected behavior
I would like to see only headers I set, or default headers and headers I set.
I would like to have ability remove headers without delete cors config and set config

Environment:

• Vault Server Version :

vault status                                                                                                
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.0.2
Cluster Name    vault-cluster-a7218c62
Cluster ID      dce55604-e9cf-960f-1b13-73c46e6ee8b8
HA Enabled      false

• Vault CLI Version (retrieve with vault version):

Vault v1.0.2 ('37a1dc9c477c1c68c022d2084550f25bf20cac33')

• Server Operating System/Architecture:
  Ubuntu 18.04 x86_64

Vault server configuration file(s):
default dev without configuration

Additional context
Add any other context about the problem here.