Meehdi commented Dec 26, 2024

Related to 14122.

This documents authentication semantics for public endpoints.

It includes:

  • Adding Java and Kotlin examples for configuring public endpoints.
  • Add notes about authentication behavior with permitAll()
  • Document usage of SecurityFilterChain and @Order annotation to bypass authentication for public endpoints

spring-projects-issues added the "status: waiting-for-triage" label Dec 26, 2024

rwinch commented Jan 7, 2025

Thanks for the Pull Request!

I am going to decline this pull request, because how to make an endpoint public is already documented in Authorizing Requests.

rwinch closed this Jan 7, 2025

Meehdi commented Jan 8, 2025

Hello Rob, thanks for your reply.

Correct me if I am wrong, but when authentication credentials are provided in the request, the filter chain will check whether the credentials are valid or not, even for public endpoints.
For a given request containing invalid credentials, the client gets a 401 Error, which might be disturbing since the endpoint is public.
That's why I wanted to document this behaviour since it is not mentioned in the docs.

Let me know if you want me to rework that or put it in a different section. I also understand that you might find it not pertinent.

Thanks!
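
Added example, not part of the pull request or of the Spring Security documentation: a sketch of the two-chain layout the PR description mentions (`SecurityFilterChain` plus `@Order`), so that requests to public paths never pass through an authentication filter. The `/public/**` path, the class and bean names, and the use of HTTP Basic on the protected chain are assumptions for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class PublicEndpointSecurityConfig {

    // Chain 1: matches only the public paths (assumed here to be /public/**).
    // No authentication mechanism (httpBasic, formLogin, ...) is configured, so
    // this chain has no filter that parses an Authorization header; a request
    // carrying bad credentials is served like an anonymous one.
    @Bean
    @Order(1)
    SecurityFilterChain publicEndpoints(HttpSecurity http) throws Exception {
        http
            .securityMatcher("/public/**")
            .authorizeHttpRequests(authorize -> authorize.anyRequest().permitAll());
        return http.build();
    }

    // Chain 2: everything else. HTTP Basic (assumed mechanism) is enabled here,
    // so its authentication filter runs before authorization and answers 401
    // when the supplied credentials are invalid. A permitAll() rule for
    // /public/** placed in this chain would not stop that filter from
    // rejecting bad credentials.
    @Bean
    @Order(2)
    SecurityFilterChain protectedEndpoints(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

With this layout, handlers under the public matcher never see an authenticated principal, even when the client sends valid credentials, so it fits only endpoints that do not vary their response by caller identity.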
