HTTP inputSource should deny all domains by default #10840

Closed
jihoonson wants to merge 1 commit into apache:master from jihoonson:http-deny-all
@jihoonson
Contributor

Description

In the current Druid security model, the people who can ingest data are usually system administrators or trusted users because they will get the same privileges as the Overlord has. However, when ingest permission is granted to a non-trusted user for some reason, it could be problematic if that user can ingest from any domain using HTTP inputSource. This PR changes HTTP inputSource to deny access to all domains by default. This can be a good practice for system admins to think about what domains they want to allow before using HTTP inputSource.


This PR has:

  • been self-reviewed.
  • added documentation for new or modified features or behaviors.
  • added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
  • added or updated version, license, or notice information in licenses.yaml
  • added comments explaining the "why" and the intent of the code wherever it would not be obvious for an unfamiliar reader.
  • added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
  • added integration tests.
  • been tested in a test Druid cluster.
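
Added example, not code from this pull request or from Druid: a minimal sketch of the deny-by-default behaviour the description proposes, where an empty allow list rejects every domain and an administrator must name each host explicitly. The class name `HttpHostAllowList`, its methods, and the sample URIs are hypothetical and constructed for illustration.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;

/** Hypothetical deny-by-default host check; not Druid's HTTP inputSource code. */
public class HttpHostAllowList
{
  private static final Set<String> SCHEMES = Set.of("http", "https");
  private final Set<String> allowedHosts;

  /** No configuration means an empty allow list, so every domain is denied. */
  public HttpHostAllowList() { this(Set.of()); }

  public HttpHostAllowList(Set<String> allowedHosts)
  {
    this.allowedHosts = allowedHosts.stream()
        .map(h -> h.toLowerCase(Locale.ROOT))
        .collect(Collectors.toUnmodifiableSet());
  }

  public boolean isAllowed(URI uri)
  {
    String scheme = uri.getScheme();
    String host = uri.getHost(); // null when the authority is not a parseable host
    if (scheme == null || host == null || !SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
      return false;
    }
    // Exact match on the parsed host: no suffix or substring matching.
    return allowedHosts.contains(host.toLowerCase(Locale.ROOT));
  }

  public static void main(String[] args)
  {
    HttpHostAllowList denyAll = new HttpHostAllowList();
    HttpHostAllowList configured = new HttpHostAllowList(Set.of("data.example.com"));
    String[] uris = { // constructed sample inputs
        "https://data.example.com/events.json",             // listed host
        "https://DATA.example.com/events.json",             // same host, different case
        "https://data.example.com.other.example/a.json",    // lookalike prefix, not listed
        "https://data.example.com@other.example/a.json",    // userinfo; real host is other.example
        "ftp://data.example.com/a.json"                     // listed host, scheme not permitted
    };
    for (String s : uris) {
      URI uri = URI.create(s);
      System.out.printf("%-48s default=%b configured=%b%n",
          s, denyAll.isAllowed(uri), configured.isAllowed(uri));
    }
  }
}
```

The check covers only the URI as submitted; an HTTP redirect to another host would need the same check applied to its target.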

@abhishekagarwal87
Contributor

@jihoonson shall this be merged?

@github-actions

github-actions bot commented Oct 7, 2023

This pull request has been marked as stale due to 60 days of inactivity.
It will be closed in 4 weeks if no further activity occurs. If you think
that's incorrect or this pull request should instead be reviewed, please simply
write any comment. Even if closed, you can still revive the PR at any time or
discuss it on the dev@druid.apache.org list.
Thank you for your contributions.

@github-actions github-actions bot added the stale label Oct 7, 2023
@github-actions

github-actions bot commented Nov 5, 2023

This pull request/issue has been closed due to lack of activity. If you think that
is incorrect, or the pull request requires review, you can revive the PR at any time.

@github-actions github-actions bot closed this Nov 5, 2023