Only require RPC password when actually viewing RPC routes

[adamgall]

Currently, when the app is configured with BTCEXP_BASIC_AUTH_PASSWORD, the Basic Auth popup is displayed as soon as the site loads.

In my opinion, the Basic Auth popup should only be displayed when the user attempts to GET/POST /rpc-terminal and/or GET /rpc-browser.

With the new behavior, then the explorer could remain public for general use, but require a password only when a user attempts to use the RPC functionality.

[Kixunil]

It'd be even better to support both as a DoS protection.

[adamgall]

Not a bad idea. I'll try to rebase the PR (to fix conflicts), and keep the original functionality. Might need to think about the design a little bit.

@Kixunil as a user of btc-rpc-explorer, how would you want to configure it to switch between those two auth modes?

[Kixunil]

Hmm, maybe BTCEXP_BASIC_AUTH_VIEW_PASSWORD and BTCEXP_BASIC_AUTH_MANAGE_PASSWORD?

Eventually, I'd love to see support for some kind of SSO though.