/metrics is not protected with basic auth if enabled

[agoloAbbas]

after adding the following options, /metrics still available to get accessed with no authentication

--basic-auth-user=<user>
--basic-auth-pass=<pass>

shouldn't /metrics be protected too as it can contain sensitive data?

[jdolitsky]

I'm not sure about that, since this is specifically for use by Prometheus, and I'm not sure how Prometheus would get these credentials..

Maybe the better option is to make these disabled by default (as they are in the Helm chart)

[jdolitsky]

cc @nerdeveloper