Enforce authentication on service definition

[labkode]

To protect resources with an authentication layer the current way is to list the http or grpc endpoints to protect in the configuration file.

I think it makes more sense that the service itself defines if it needs to be authenticated (have a user context) or not.

The ownCloud app framework used to work this way.

@butonic @refs feedback please :)

[refs]

I also think it keep things cleaner an authentication per service basis. At least such responsibility belongs to the service 👍

[labkode]

Let me work on that then

[labkode]

@butonic @refs and probably for the HTTP services having CORS enforced maybe is also a good idea?

[refs]

@labkode 👍. Might be a good practice to look into some more OWASP headers 💃

[labkode]

@refs let's create a security or OWASP middleware