DELETE /things is not a protected endpoint

[ivanzy]

Currently, it is possible to execute delete any TD from the directory performinig a DELETE operation in the /things endpoint. I imagine that this is not the desired behavior, since an access token is needed to create (POST /things) or to update (PUT /things) a given TD.

Also, the PATCH endpoint does not require credentials.

[relu91]

Already fixed in the 1.0.0-alpha.0