[SECURITY] Secure SignalR `WorkflowInstanceHub` to Require Authentication

[sfmskywalker]

Problem

The WorkflowInstanceHub currently accepts anonymous requests, which poses a security risk by allowing unrestricted access to SignalR endpoints. To improve security, we need to enforce authentication for all requests to this hub.

Solution

1. Update WorkflowInstanceHub to require authenticated requests.
2. Modify Elsa.Studio to ensure that the SignalR client includes authentication tokens or necessary credentials with each request.

Acceptance Criteria

• WorkflowInstanceHub no longer accepts unauthenticated requests.
• Elsa.Studio SignalR client successfully connects to the hub with authenticated requests.

[sfmskywalker]

🚨 Urgent Security Advisory for Elsa Workflows Developers

A critical security vulnerability has been discovered in Elsa Workflows that requires your immediate attention. To mitigate this vulnerability and secure your system, please take the following actions without delay:

Action Required

1. Open your Elsa Workflow Server project.
2. Locate and comment out the following lines of code:

   elsa.UseRealTimeWorkflows();
   app.UseWorkflowsSignalRHubs();

This measure will help close the security hole that has been identified.

Failure to take this action may leave your application exposed to potential exploits.

Elsa Studio will remain functionally operational, as it will fall back to a polling mechanism instead of realtime updates via SignalR.