aries-cloudagent-python
Multitenancy - require wallet_key in order to retrieve wallet bearer token
Add a second endpoint to retrieve the sub-wallet's bearer token, which requires both wallet_id and wallet_key to be provided.
Update the existing endpoint GET /multitenancy/wallet/<wallet_id>/token to remove the optional wallet_key parameter (since it is currently not required and ignored anyway)
Add a new startup parameter --allow-insecure-wallet-token-retrieval to enable the original ("insecure") endpoint.
See Issue #1632 for the background discussion.
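The policy described above, worked through as an added example (this is illustrative code written for this page, not ACA-Py's own implementation): a token issuer that refuses to hand out a sub-wallet bearer token unless the caller presents the matching wallet_key, with a flag modelling the proposed `--allow-insecure-wallet-token-retrieval` switch that re-enables the wallet_id-only path. Assumptions not taken from the PR: the wallet key is checked against a salted PBKDF2 hash rather than however ACA-Py actually stores or derives it, the token is an HMAC-signed blob instead of ACA-Py's JWT, and issuing a new token records its id so the previous one stops validating (the rotation behaviour mentioned later in the thread).

```python
"""Illustrative sub-wallet token issuance policy (not ACA-Py code)."""
import base64
import binascii
import hashlib
import hmac
import json
import os
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


class Unauthorized(Exception):
    """Token request did not prove knowledge of the wallet key."""


def _hash_key(wallet_key: str, salt: bytes) -> bytes:
    # Assumption: a salted PBKDF2 hash stands in for whatever ACA-Py really stores.
    return hashlib.pbkdf2_hmac("sha256", wallet_key.encode(), salt, 50_000)


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


@dataclass
class SubWalletRecord:
    wallet_id: str
    key_salt: bytes
    key_hash: bytes
    current_jti: Optional[str] = None  # id of the newest token; older ones are rejected


@dataclass
class TokenIssuer:
    signing_secret: bytes
    # Models the proposed startup flag; False is the hardened default.
    allow_insecure_wallet_token_retrieval: bool = False
    wallets: Dict[str, SubWalletRecord] = field(default_factory=dict)

    def create_wallet(self, wallet_id: str, wallet_key: str) -> None:
        salt = os.urandom(16)
        self.wallets[wallet_id] = SubWalletRecord(wallet_id, salt, _hash_key(wallet_key, salt))

    def issue_token(self, wallet_id: str, wallet_key: Optional[str] = None) -> str:
        rec = self.wallets.get(wallet_id)
        if rec is None:
            raise KeyError(wallet_id)
        if wallet_key is None:
            # Legacy path: wallet_id alone. Only allowed when the operator opted in.
            if not self.allow_insecure_wallet_token_retrieval:
                raise Unauthorized("wallet_key is required to retrieve a token")
        elif not hmac.compare_digest(_hash_key(wallet_key, rec.key_salt), rec.key_hash):
            raise Unauthorized("wallet_key does not match")
        jti = secrets.token_hex(16)
        rec.current_jti = jti  # rotating invalidates any earlier token for this wallet
        payload = json.dumps({"wallet_id": wallet_id, "jti": jti}, sort_keys=True).encode()
        body = base64.urlsafe_b64encode(payload).rstrip(b"=")
        sig = hmac.new(self.signing_secret, body, hashlib.sha256).digest()
        return (body + b"." + base64.urlsafe_b64encode(sig).rstrip(b"=")).decode()

    def verify_token(self, token: str) -> Optional[str]:
        """Return the wallet_id the token authorises, or None if it is not valid."""
        try:
            body_s, sig_s = token.split(".")
            sig = _b64url_decode(sig_s)
            claims = json.loads(_b64url_decode(body_s))
        except (ValueError, binascii.Error):
            return None
        expected = hmac.new(self.signing_secret, body_s.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return None
        rec = self.wallets.get(claims.get("wallet_id"))
        if rec is None or rec.current_jti != claims.get("jti"):
            return None  # unknown wallet, or a token superseded by a newer one
        return rec.wallet_id


if __name__ == "__main__":
    issuer = TokenIssuer(signing_secret=os.urandom(32))
    issuer.create_wallet("wallet-a", "correct horse battery staple")  # constructed sample
    try:
        issuer.issue_token("wallet-a")
    except Unauthorized as e:
        print("wallet_id only:", e)
    tok = issuer.issue_token("wallet-a", "correct horse battery staple")
    print("token verifies as", issuer.verify_token(tok))
```

With the flag left at its default the only way to obtain a token is to prove the wallet key, and the audit point from the discussion follows naturally: every token maps to one explicit request that carried the key, and issuing a second token makes the first stop verifying.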
@ianco
Instead of a separate endpoint for managed and unmanaged wallets,
- How about returning the wallet token for unmanaged wallets in the response of GET multitenancy/wallets itself? As there is no authentication needed. Whereas for a managed wallet a user has to authenticate using a wallet key. This clearly implies that in the case of unmanaged wallets the tokens are known to the base wallet.
My preference would be to not include the token in the GET multitenancy/wallets endpoint. I don't think we should provide the token unless it's explicitly requested (based on "least privilege" or providing the least information required).
If we're *always* providing the token (even for managed wallets) then it's more difficult to audit (if we need to) who is trying to access the wallet. (Also based on a recent update, when we generate a new token it will invalidate the previous token.)