Disable REST API by default for non-authenticated users

[schoenkaft]

This is mainly because exposing (admin) users could subject them to personalised hacks. Plus to prevent accidental exposure of sensitive post types or fields (although that would require additional work to do so).

[schoenkaft]

@HammenWS update:

• I've added a Grrr\Rest\Routes namespace/class where you can specify the global namespace and custom routes
• I've added a few simple static helper functions
• I've locked down all endpoints, except for the ones specified in the class above (the function to get them is a arbitrarily named, and also needs / in front of it, but I'm okay with this for now)
• I've refactored the newsletter endpoint a bit:
  • It's now named/scoped properly according to our new setup
  • I've removed the service provider and interface, since that was pretty abstract while the API also had specifics for Mailchimp in it, and the interface as well ($list argument). Too complex for what we tried to achieve in this case.
  • Added proper email validation, since that was missing...

PS: did not update the wiki, since the article about REST routes is still to be written. Plus adding a route this way just works, no need to worry about the security part.

[schoenkaft]

The class now returns:

Routes::NAMESPACE;
// grrr/v1

Routes::get('newsletter');
// newsletter/subscribe

Routes::get_all();
// [ '/grrr/v1/newsletter/subscribe' ]

Routes::get_all(false);
// [ 'newsletter/subscribe' ]

Routes::url('newsletter');
// http://localhost.wordpress-scaffold.nl/wp-json/newsletter/subscribe