Require authentication for safekeeper/pageserver metrics

[yeputons]

Currently endpoint::make_router() exposes /metrics without any checks. However, it may contain relatively sensitive information like tenant/timeline IDs. We should require a managemental token instead.

Careful: not to break Grafana.

Careful: implement after #1856 is merged, otherwise there is not much auth in Safekeeper.

Careful: do not merge until #1856 is correctly configured on staging/prod, requires configuration updates. Even then, coordinate with SREs.

[stepashka]

we don't need to auth metrics, as they contain aggregated info and anonymized ids only it makes much more sense to clean up logs first