
feat(applicationData): add anonymous access control setting#2434

Open
tkurki wants to merge 1 commit into master from anonymous-applicationdata

Conversation

@tkurki
Member

@tkurki tkurki commented Mar 11, 2026

This is somewhere between RFC and implementation. If we decide to go here this still needs at least

  • rate limit
  • apply limit on total size and number of files in applicationData
  • documentation

=======================
Adds a setting to control anonymous access to global applicationData, honored both with and without security enabled.

  • New anonymousApplicationDataAccess setting with values: none (default), readonly, readwrite
  • When security is enabled:
    • none: anonymous requests are rejected on all global applicationData routes including version listing
    • readonly: anonymous GET allowed, writes require admin
    • readwrite: no restrictions on global routes
  • When security is disabled: the setting controls whether anonymous reads are allowed (readonly/readwrite) or blocked (none). Writes are blocked with 405 regardless.
  • User-scoped applicationData always requires authentication
  • Admin UI: dropdown in Server Settings, applicationData browser panel in Data Browser
  • Tests: allow_readonly bypass, readonly access, readwrite access, security disabled (global GET returns data when access is readonly or readwrite, returns 403 when none; POST returns 405)

@tkurki tkurki added the feature label Mar 11, 2026
@tkurki
Member Author

tkurki commented Mar 11, 2026

@godind @sbender9 @panaaj @dirkwa would appreciate your thoughts on this.

Adds a setting to control anonymous access to global applicationData,
honored both with and without security enabled.

- New `anonymousApplicationDataAccess` setting with values: none
  (default), readonly, readwrite
- When security is enabled:
  - none: anonymous requests are rejected on all global applicationData
    routes including version listing
  - readonly: anonymous GET allowed, writes require admin
  - readwrite: no restrictions on global routes
- When security is disabled: the setting controls whether anonymous
  reads are allowed (readonly/readwrite) or blocked (none). Writes
  are blocked with 405 regardless.
- User-scoped applicationData always requires authentication
- Admin UI: dropdown in Server Settings, applicationData browser panel
  in Data Browser
- Tests: allow_readonly bypass, readonly access, readwrite access,
  security disabled (global GET returns data when access is readonly
  or readwrite, returns 403 when none; POST returns 405)
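The access matrix described in the PR and commit message above, written out as an added example that is not code from the Signal K server or from this PR: a pure decision function that takes the setting, the security-enabled flag, the route scope, the HTTP method and the caller, plus an Express-style middleware wrapper around it. The function and middleware names, the `req.skUser` property, and the choice of 401 for anonymous versus 403 for authenticated-but-not-admin callers when security is enabled are assumptions for illustration; the 403 and 405 codes for the security-disabled case, and the rule that user-scoped data always needs authentication, follow the description. For the `none` setting with security enabled and an authenticated non-admin caller, which the description does not spell out, the example falls back to the admin-only behaviour the thread describes as the status quo for global data (also an assumption).

```javascript
'use strict';
// Added example, not Signal K server or PR code. Models the
// anonymousApplicationDataAccess matrix as a decision function plus middleware.
// Assumed names: decideApplicationDataAccess, applicationDataGuard, req.skUser.

const ACCESS_LEVELS = new Set(['none', 'readonly', 'readwrite']);

/**
 * Decide whether a request may touch applicationData.
 *   setting         - anonymousApplicationDataAccess: 'none' | 'readonly' | 'readwrite'
 *   securityEnabled - whether server security is turned on
 *   scope           - 'global' or 'user'
 *   method          - HTTP method
 *   user            - null for anonymous, otherwise { id, admin }
 * Returns { allow: true } or { allow: false, status, reason }.
 */
function decideApplicationDataAccess({ setting, securityEnabled, scope, method, user }) {
  if (!ACCESS_LEVELS.has(setting)) {
    throw new Error(`unknown anonymousApplicationDataAccess value: ${setting}`);
  }
  const isRead = method === 'GET' || method === 'HEAD';
  const anonymous = !user;

  // User-scoped applicationData always requires authentication, whatever the setting.
  if (scope === 'user') {
    return anonymous
      ? { allow: false, status: 401, reason: 'user applicationData requires authentication' }
      : { allow: true };
  }

  // Security disabled: every caller is effectively anonymous. Writes are always 405;
  // reads are gated by the setting and rejected with 403 when it is 'none'.
  if (!securityEnabled) {
    if (!isRead) return { allow: false, status: 405, reason: 'writes blocked while security is disabled' };
    if (setting === 'none') return { allow: false, status: 403, reason: 'anonymous reads disabled' };
    return { allow: true };
  }

  // Security enabled: the setting only loosens access for non-admins. Anything it does
  // not open falls back to admin-only (assumption: matches the pre-existing global behaviour).
  if (setting === 'readwrite') return { allow: true };
  if (setting === 'readonly' && isRead) return { allow: true };
  if (user && user.admin) return { allow: true };
  return anonymous
    ? { allow: false, status: 401, reason: 'authentication required' } // assumption: 401 for anonymous
    : { allow: false, status: 403, reason: 'admin required' };          // assumption: 403 for non-admin
}

// Express-style middleware factory. The setting and security flag are read per
// request so a change in Server Settings takes effect without a restart.
function applicationDataGuard({ getSetting, isSecurityEnabled, scope }) {
  return (req, res, next) => {
    const decision = decideApplicationDataAccess({
      setting: getSetting(),
      securityEnabled: isSecurityEnabled(),
      scope,
      method: req.method,
      user: req.skUser || null // assumption: an earlier auth middleware sets req.skUser
    });
    if (decision.allow) return next();
    res.status(decision.status).json({ error: decision.reason });
  };
}

// Enumerate the anonymous/global part of the matrix: a review aid and a table-driven test.
function accessMatrix() {
  const rows = [];
  for (const setting of ACCESS_LEVELS) {
    for (const securityEnabled of [true, false]) {
      for (const method of ['GET', 'POST']) {
        const d = decideApplicationDataAccess({ setting, securityEnabled, scope: 'global', method, user: null });
        rows.push({ setting, securityEnabled, method, result: d.allow ? 'allow' : String(d.status) });
      }
    }
  }
  return rows;
}

console.table(accessMatrix());
```

Wiring `applicationDataGuard({ getSetting, isSecurityEnabled, scope: 'global' })` in front of the global routes and a second instance with `scope: 'user'` in front of the user-scoped ones keeps the whole policy in one function, which is what makes the rate limit and size cap the author lists as still missing easy to add later as separate middleware rather than more branches here.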
@tkurki tkurki force-pushed the anonymous-applicationdata branch from 8474ee1 to 2429e33 on March 11, 2026 18:38
@godind
Contributor

godind commented Mar 12, 2026

Hi Teppo. I am not familiar with the Security Disable design so I can only assume. That said, I like what you propose (sorry - bad edit prior). I'm not sold on the idea of adding file browser features to the Data Browser page, if that's the idea. I, personally, would not expect to find file/storage related information under Data Browser.

One thing that's maybe worth thinking about, if you think it's related to this PR, is "authenticated user" permissions on Global. It kind of falls between Anonymous and Admin permission: at the moment, with security enabled, you need Admin rights to R/W to Global. It would be practical for "authenticated users" to be able to gain R/W access to the app's Global folder (maybe not all Global folders). This would enable sharing between users without granting admin permission - like for sharing KIP config between users done with global storage. It requires Admin permission.

@sbender9 probably has a better perspective about why would one thing or another make more sense.

Hope this is helpful.

@panaaj
Member

panaaj commented Mar 12, 2026

I think this is a worthy feature which complements client access to server side config, i.e. unit preferences.
I also think there is a use case for an authenticated (non-admin) user to write to the global applicationData. This would look like more of an oversight if anonymous write is available.

@dirkwa
Contributor

dirkwa commented Mar 12, 2026

I think we should look at it with a different view to make both worlds happy.

My proposal:

  • Remove Security = off; the server is always secure by default.
  • An auto-login feature for users' convenience, explaining the risks of doing so
  • A device namespace, so that helm:pi gets dashboard_1 and nav:esp32_round gets dashboard_2, to separate devices from user permissions (RO/RW/ADM)
  • Allow ?token= URLs for stateless devices

This would allow:

  • Users do not need to type username and password
  • ESP_32 screens etc. use their token and show their dashboard
  • iPhone, iPad etc. can bookmark a ?token= URL if different dashboards shall be shown on each.


4 participants