Disable the introspection of GraphQL API

[ThibBal]

We need a way to disable the introspection of the GraphQL API in production mode to avoid a leak of the database schema.

[moufmouf]

Disabling the introspection can be done in Webonyx using:

https://webonyx.github.io/graphql-php/security/#disabling-introspection

we need to do it on a per-query basis:

https://webonyx.github.io/graphql-php/executing-queries/#custom-validation-rules

[moufmouf]

• In the Symfony bundle, we need to add custom validation rules to the ServerConfig: https://github.com/webonyx/graphql-php/blob/master/src/Server/ServerConfig.php#L167-L179 and https://github.com/thecodingmachine/graphqlite-bundle/blob/master/Controller/GraphqliteController.php#L55
• We need to add a way to configure the validation in the Symfony bundle:
• Edit the allowed config values: https://github.com/thecodingmachine/graphqlite-bundle/blob/master/DependencyInjection/Configuration.php
• Take the value from the config and put it in the container: https://github.com/thecodingmachine/graphqlite-bundle/blob/master/DependencyInjection/GraphqliteExtension.php#L34
• Edit the container to add new validation rules dynamically (probably in the compiler pass: https://github.com/thecodingmachine/graphqlite-bundle/blob/master/DependencyInjection/GraphqliteCompilerPass.php#L90 )
• Finally, document everything in https://github.com/thecodingmachine/graphqlite/blob/master/docs/symfony-bundle-advanced.md

Bonus: same thing for Laravel and service providers (or open a new issue for those)

[moufmouf]

Closed by #263