Add metricsapp option

[ath88]

Fixes #25

Exposing Node.js internals on a public facing API is potentially a security issue. This lets you expose the metrics endpoint on a different node app listening on a different port.

[disjunction]

Thanks for the contribution! Yet I find the suggested solution outside of the library better: https://github.com/jochen-schweizer/express-prom-bundle/issues/25#issuecomment-830426374

The pull request is lacking 2 items:

• types/index.d.ts needs to be extended to include the new option
• the code should be covered in unit tests

[ath88]

Thanks for the contribution! Yet I find the suggested solution outside of the library better: #25 (comment)

The pull request is lacking 2 items:

• types/index.d.ts needs to be extended to include the new option
• the code should be covered in unit tests

I see your point. It's cleaner and doesn't pollute the code base and is fully supported by autoregister. But - I see a two benefits over the solution mentioned in the comments:

• No need to exclude the metrics path from being instrumented. Prometheus will already record timing and and response codes.
• Being opinionated about security. With collectDefaultMetrics you'll expose your Node.js version to the world, if you forget to block it in your firewall or proxy or whatever you have. This is an issue that people have. By supporting this directly, people won't have to look through closed issues to find the secure approach.

I added the requested changes. :)

[disjunction]

@ath88 thanks again! This has been published to npm as version 6.5.0