Add API healthcheck endpoint that can be accessed without auth (and is low impact)

[pete-gov]

We need an endpoint served on the API service that can be regularly pinged without authorization in order to verify that the API service is up and healthy (including has the ability to read from the DB).

This endpoint will be added to the Application Gateway to allow backend pool health checks and notifications to work, and can also be implemented to add automation health checks for basic integration/CICD/deployment/other tests.

A current example that is gated by auth is /actuator/health

Reason:

We need this to monitor availability of the service.

Acceptance Criteria:

• [x] confirm a health check URL exists that can be hit via curl/etc. without authentication that returns quickly (200 OK)
• [x] confirm that the health check URL returns good if the API and database is up (200 OK)
• [x] confirm that the health check URL returns bad if the database is down (some error)

[nickrobison-usds]

@benwarfield-usds Any objections to adding this to the Auth white list in the security config? I can knock that out quickly.

[benwarfield-usds]

There's a weird wrinkle with the actuators that I'm having trouble remembering—I'm going to look it up, then I'll update.

[benwarfield-usds]

OK, here's the scoop:

• the Spring Boot Actuators system is very flexible, and we are probably using it less than we ought to
• specifically, the health check has a cute behavior where it can show detailed component status or it can just show "UP", and it can be configured to do this always, never, or only when you're logged in
• the actuators can also be configured to provide role-based access, which... is probably unnecessary?
• last time around I put all the actuators behind an admin role check, and added a separate liveness check for the container management system.

I'm not 100% sure why I did that, to be quite honest, except in that the "/actuators" path is configurable and it's weird to have your health check move around like that.