Don't ignore secure field on devfile endpoints

[amisevsk]

Is your enhancement related to a problem? Please describe

Currently, setting secure: true on an endpoint does not add authentication to that endpoint, despite the devfile API documentation stating

Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of https or wss.

This means the field is misleading, as setting it true or false doesn't change anything with respect to auth.

Describe the solution you'd like

As suggested by @l0rd in issue #22664 (comment), we could treat secure: true endpoints in the same way as endpoints with urlRewriteSupported: true (i.e. serve such endpoints through the main gateway):

• If secure is true on an endpoint, treat that endpoint as though it had urlRewriteSupported: true
• If an endpoint has secure: true but urlRewriteSupported: false, either warn the user that the secure field is being ignored in this case (as we cannot secure such endpoints) or fail the workspace.

We would need to be careful around making this change as it would potentially break existing endpoints in workspaces -- I don't know a good way to avoid that.

Describe alternatives you've considered

No response

Additional context

See issue: #22664

[che-bot]

Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.

Mark the issue as fresh with /remove-lifecycle stale in a new comment.

If this issue is safe to close now please do so.

Moderators: Add lifecycle/frozen label to avoid stale mode.