Add Spring Security #14
Description
We're using a simple mentod for router auth and CORS headers, but we want to switch to Spring Security to set up consumers for success long term. This means, in Application.java:
- [ ] Replace `addInterceptors` (and the associated `RouterInterceptor`) with a comparable Spring Security config. It should _always_ require Router auth (even if the user is authenticated by other means) and, ideally, allow that requirement to be disabled for local development.
- [ ] Replace `addCorsMappings` usage with Spring Security CORS settings with comparable rules (accessible from Studio, credentials allowed, all headers allowed)