
Secure actuator endpoints behind a specific /management URL #3550

Closed
jdubois opened this issue May 6, 2016 · 1 comment
jdubois commented May 6, 2016

This is quite urgent, sorry to break stuff at the last minute, but it's for security.

This has already been discussed (ping @cbornet @gmarziou I think you participated), but we have an issue with our actuator endpoints:

  • We have a lot of them secured in the SecurityConfiguration, and that makes a long file (and besides it has a small performance cost as Spring Security needs to go through all of them)
  • It's not fully secured as when Spring Boot Actuator adds more endpoints we might forget to update them (and there's probably already a security issue here today!!)
  • Microservices are not secured, as they were supposed to be behind the gateway: in fact that's false in several cases, for example with Heroku, where all services are publicly available. So another big security issue.

My proposal, and I'm going to work on this ASAP (as it's security-related):

  • Put all endpoints behind "/management" so it's easy to secure them with just one Spring Security rule
  • (optional) Add basic auth support for them, so that the JHipster Registry (or any other tool) can access them remotely easily
jdubois added a commit to jhipster/jhipster-registry that referenced this issue May 6, 2016
jdubois closed this as completed in bd09d3b May 6, 2016
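The single-rule approach proposed above, as an added example (not JHipster's or the issue author's code): it assumes Spring Boot 1.x with `management.context-path=/management` set in application.yml and Spring Security 4.x; the class name and the ROLE_ADMIN authority are assumptions.

```java
// Added example, not part of the JHipster project. Assumes Spring Boot 1.x with
//   management.context-path: /management
// in application.yml, so every actuator endpoint (health, metrics, dump, env, ...)
// is served under /management/**. Class name and ROLE_ADMIN are hypothetical.
package com.example.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class ManagementSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Before: one line per endpoint, e.g.
                //   .antMatchers("/metrics/**").hasAuthority("ROLE_ADMIN")
                //   .antMatchers("/health/**").hasAuthority("ROLE_ADMIN")
                //   ...
                // Any endpoint added by a newer Actuator release was silently left open.
                // After: one prefix rule covers current and future endpoints alike.
                .antMatchers("/management/**").hasAuthority("ROLE_ADMIN")
                // The application's own API rules follow here; this default keeps
                // anything not matched above from being anonymous.
                .anyRequest().authenticated()
            .and()
            // Optional, as in the proposal: HTTP Basic so the JHipster Registry or
            // another remote tool can call the endpoints without a browser session.
            .httpBasic();
    }
}
```

The same configuration belongs in every microservice, not only the gateway, since on platforms such as Heroku each service is reachable directly.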

gmarziou commented May 6, 2016

I am all for namespacing APIs, so +1
