[feat]: Add login screen for services that don't require them

[BitcoinMechanic]

Prerequisites

• [X] I have searched for existing issues that already suggest this feature.

Describe the Feature Request

Currently if someone learns the URL of one of your services, and if that service isn't behind a login screen, they can just use your service with/without your permission. Mempool is one example.

Another approach would be for the service packager to add something like this on a per-service basis.

Describe the Use Case

Unintended usage of your services would be prevented. So if, for example, someone learned your mempool Tor address, they would no longer be able to make use of it unless provided with a username + password.

Describe Preferred Solution

No response

Describe Alternatives

No response

Anything else?

No response

[chrisguida]

This could be something we could stick in the SDK as well; embassy-sdk add auth or something

[ProofOfKeags]

fwiw doing this automatically would be a heuristic at best. We'd probably only be able to do it for specified interfaces (as those are the ones we're aware of) and even then it's unclear whether or not there is auth for communications. This pretty much requires service packager buy in, in which case theres no real need for the feature as they could just implement a login screen themselves. Eventually, you may want this in the "super nice to have" scenario but I anticipate that is further down the road, I am not the authority on roadmap concerns though :)