
[BUG] [SECURITY] sensitive configurations leaked in unauthenticated html endpoint #738

Open
chrislujan opened this issue Mar 22, 2024 · 0 comments

Comments

@chrislujan

Describe the bug

An instance of rswag configured like:

```ruby
Rswag::Ui.configure do |c|
  c.swagger_endpoint '/apidocs', 'API V1 Docs'

  c.basic_auth_enabled = true
  c.basic_auth_credentials 'aaa', 'XXX'
end
```

will leak the contents of the configuration, including the credentials, in index.html of the swagger docs:

```javascript
var configObject = JSON.parse('{"urls":[{"url":"/apidocs","name":"API V1 Docs"}],"basic_auth":{"username":"aaa","password":"XXX"}}');
```

due to the code found at

```erb
var configObject = JSON.parse('<%= config_object.to_json %>');
var oauthConfigObject = JSON.parse('<%= oauth_config_object.to_json %>');
```

Steps to Test or Reproduce

1. Configure rswag with basic_auth_credentials
2. Visit the URL where swagger docs can be reached
3. You should have a basic auth input form
   [screenshot: basic auth input form]
4. Click cancel, an error should render
   [screenshot: error page]
5. Inspect the source of the page and search for the term configObject; it should be in a script tag towards the bottom of the page

Expected behavior

Configurations should not be exposed unless necessary; always practice the principle of least privilege and ensure your systems fail securely.

Screenshots

(see above)


Dependency versions

The versions you are using:

  • Rswag: (2.8.0)
  • RSpec:
  • Rails: 7.0.3.1
  • Ruby: ruby-3.1.1

Relates to which version of OAS (OpenAPI Specification)

  • OAS2
  • OAS3
  • OAS3.1
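The leak described in this report comes from serializing the entire UI configuration hash, basic-auth credentials included, into a script tag. The following is an added example, not rswag's own code: a constructed stand-in for the config hash shown above, the leaky serialization beside a hardened variant that strips server-only keys before rendering, and a small check that scans rendered HTML for a configObject still carrying a basic_auth key. The key name `basic_auth` and the helper names are assumptions based on the JSON quoted in the report.

```ruby
require 'json'

# Constructed stand-in for the config hash the report shows being serialized
# into index.html (the JSON above, as a Ruby hash). Not rswag's internal object.
SAMPLE_CONFIG = {
  'urls' => [{ 'url' => '/apidocs', 'name' => 'API V1 Docs' }],
  'basic_auth' => { 'username' => 'aaa', 'password' => 'XXX' }
}.freeze

# Keys the server needs to enforce auth but the browser never needs to see.
SERVER_ONLY_KEYS = %w[basic_auth].freeze

# Vulnerable form: the whole hash, credentials included, goes to the client.
def leaky_config_json(config)
  config.to_json
end

# Hardened form: drop server-only keys before the hash reaches the template.
def client_config_json(config, server_only: SERVER_ONLY_KEYS)
  config.reject { |key, _| server_only.include?(key.to_s) }.to_json
end

# Stand-in for the ERB line quoted in the report (hypothetical renderer).
def render_index(config_json)
  "<script>var configObject = JSON.parse('#{config_json}');</script>"
end

# Verification helper: does a rendered page still expose basic_auth?
# Useful as a regression check against the served docs page.
def leaked_basic_auth?(html)
  match = html.match(/configObject = JSON\.parse\('(.+?)'\)/)
  return false unless match
  JSON.parse(match[1]).key?('basic_auth')
rescue JSON::ParserError
  false
end

if __FILE__ == $PROGRAM_NAME
  puts "leaky:    #{leaked_basic_auth?(render_index(leaky_config_json(SAMPLE_CONFIG)))}"
  puts "hardened: #{leaked_basic_auth?(render_index(client_config_json(SAMPLE_CONFIG)))}"
end
```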