frontend
Remove "Enable SVG Badge support (unauthenticated)" checkbox in favor of authenticated badge API
Current Behavior
Currently, Dependency-Track's badge API can be enabled or disabled with the checkbox "Enable SVG Badge support (unauthenticated)" under Administration > Configuration > General. By default it is disabled.
Proposed Behavior
In the current implementation, enabling badge support exposes badges to anyone with network access to the Dependency-Track API server who knows a project name and project version, with no authentication required. Anyone can then read the vulnerability and policy summary metrics for that project. This was made before ACLs were implemented in Dependency-Track.
https://github.com/DependencyTrack/dependency-track/pull/4059 aims to put badges behind an API permission, so that access to badges can be controlled more granularly through ACLs and a dedicated permission instead of the checkbox.
If the maintainers find it acceptable to remove unauthenticated access to badges without a grace period, i.e. do not mind this being a breaking change, this enhancement aims to remove the checkbox entirely.
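To make the difference between the two schemes concrete, here is an added, illustrative model of both authorization paths side by side. It is not Dependency-Track's code and not the PR's implementation: the permission name `VIEW_BADGES`, the team-based ACL model, the status codes and the sample project are all assumptions made for the example.

```python
"""Illustrative model of the two badge authorization schemes discussed in this issue.

Added, hypothetical example: not Dependency-Track code. The permission name, the
team-based ACL model, the status codes and the sample data are assumptions.
"""
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical permission name; the real permission introduced by the PR may differ.
BADGE_PERMISSION = "VIEW_BADGES"


@dataclass
class Project:
    name: str
    version: str
    # Constructed summary metrics of the kind a badge would render.
    metrics: dict
    # Teams allowed to see this project when portfolio ACLs are enabled (assumed model).
    acl_teams: set = field(default_factory=set)


@dataclass
class Principal:
    """An authenticated caller (API key or user) with permissions and team membership."""
    name: str
    permissions: set = field(default_factory=set)
    teams: set = field(default_factory=set)


@dataclass
class Server:
    projects: dict  # (name, version) -> Project
    badge_checkbox_enabled: bool = False  # "Enable SVG Badge support (unauthenticated)"
    acl_enabled: bool = True              # portfolio access control on/off


def badge_current(server: Server, principal: Optional[Principal], name: str, version: str):
    """Current behaviour: one global switch decides; the caller's identity is ignored."""
    if not server.badge_checkbox_enabled:
        return 403, None
    project = server.projects.get((name, version))
    if project is None:
        return 404, None
    # No authentication and no ACL check: anyone who knows name+version gets the metrics.
    return 200, project.metrics


def badge_proposed(server: Server, principal: Optional[Principal], name: str, version: str):
    """Proposed behaviour: authentication, then a dedicated permission, then the project ACL."""
    if principal is None:
        return 401, None
    if BADGE_PERMISSION not in principal.permissions:
        return 403, None
    project = server.projects.get((name, version))
    if project is None:
        return 404, None
    if server.acl_enabled and not (principal.teams & project.acl_teams):
        # Deny as "not found" so the status code does not reveal whether a project
        # the caller may not see exists (a design choice of this example).
        return 404, None
    return 200, project.metrics


def demo_server() -> Server:
    """Constructed sample data: one project, visible only to team 'backend'."""
    project = Project("acme-app", "1.2.3",
                      {"vulnerabilities": 4, "policy_violations": 1},
                      {"backend"})
    return Server({("acme-app", "1.2.3"): project},
                  badge_checkbox_enabled=True, acl_enabled=True)


if __name__ == "__main__":
    server = demo_server()
    print("current, anonymous: ", badge_current(server, None, "acme-app", "1.2.3"))
    print("proposed, anonymous:", badge_proposed(server, None, "acme-app", "1.2.3"))
    viewer = Principal("ci-bot", {BADGE_PERMISSION}, {"backend"})
    print("proposed, authorized:", badge_proposed(server, viewer, "acme-app", "1.2.3"))
```

With the checkbox enabled, `badge_current` hands the metrics to an anonymous caller who knows the project name and version, which is exactly the exposure described above. `badge_proposed` makes the decision per request: no identity, no permission, or no ACL match each stop the request before any metrics are returned, and the global checkbox has no role left to play.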
Checklist
- [X] I have read and understand the contributing guidelines
- [X] I have checked the existing issues for whether this enhancement was already requested