Ensure authentication annotation is enabled by default for all resources

[kroepke]

We want to ensure that all API resources are only available to authenticated requests and use annotations to mark the exceptions from this rule.

This will prevent missing annotations in the future and is easier to catch in code reviews as well because the intent of making something publicly accessible is explicit.