disable http2 support in metrics and webhooks by default

[sadlerap]

Changes

Until we have a safe path forward for CVE-2023-44487, default them to disabled as a mitigation. They can still be re-enabled by passing the --enable-http2 flag for testing purposes.

/kind bug

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

• [ ] Docs included if any changes are user facing
• [ ] Tests included if any functionality added or changed. For bugfixes please include tests that can catch regressions
• [ ] All acceptance test scenarios included in the PR which verifies a bugfix or a requested feature reported by a non-member are tagged with @external-feedback tag.
• [ ] Follows the commit message standard

[sadlerap]

/hold

Would like some confirmation from product security that this fix is acceptable before merging.

[codecov[bot]]

Codecov Report

Merging #1510 (b6c0279) into master (6c3e5e9) will not change coverage. Report is 2 commits behind head on master. The diff coverage is n/a.

Additional details and impacted files

[](https://app.codecov.io/gh/redhat-developer/service-binding-operator/pull/1510?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=redhat-developer) ```diff @@ Coverage Diff @@ ## master #1510 +/- ## ======================================= Coverage 58.16% 58.16% ======================================= Files 35 35 Lines 3014 3014 ======================================= Hits 1753 1753 Misses 1093 1093 Partials 168 168 ``` ------ [Continue to review full report in Codecov by Sentry](https://app.codecov.io/gh/redhat-developer/service-binding-operator/pull/1510?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=redhat-developer). > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=redhat-developer) > `Δ = absolute (impact)`, `ø = not affected`, `? = missing data` > Powered by [Codecov](https://app.codecov.io/gh/redhat-developer/service-binding-operator/pull/1510?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=redhat-developer). Last update [6c3e5e9...b6c0279](https://app.codecov.io/gh/redhat-developer/service-binding-operator/pull/1510?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=redhat-developer). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=redhat-developer).

[sadlerap]

/unhold

[filariow]

/lgtm /approve

[openshift-ci[bot]]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: filariow

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/redhat-developer/service-binding-operator/blob/master/OWNERS)~~ [filariow] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[sadlerap]

/retest

[sadlerap]

/retest