
Reduce helmet exceptions footprint

Open innerdvations opened this issue 1 year ago • 0 comments

It seems v5/main got rebased or something, so back to draft until I have time to fix this branch

What does it do?

Helmet exceptions are only added on a per-path basis instead of all exceptions for all special paths

Note: this is still not ideal; graphql and documentation and anything else in the future should push their own exceptions instead of handling it here, but I'm not sure if we provide a mechanism for that that will work without additional refactorings

Why is it needed?

For security, to reduce the footprint of helmet exceptions to the bare minimum

How to test it?

Documentation and graphql GET endpoint should still work fine, but now without sharing each other's exceptions

Related issue(s)/PR(s)

It's a follow-up to the apollo v4 upgrade that I felt we needed since it added several more exceptions (and was happening even when playground wasn't enabled)

innerdvations · Jan 11 '24 12:01
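The per-path approach the PR describes, shown as an added illustration that is not Strapi's own code: a strict baseline Content-Security-Policy is kept for every route, and each special path (here `/graphql` and `/documentation`) contributes only its own relaxed directives, so the two never share exceptions and a route like `/api/articles` gets none. The directive values, the path prefixes, the `cdn.example` / `img.example` hosts and the Koa-style `ctx.set` / `ctx.path` shape are all assumptions made for the example; the real lists depend on what each UI actually loads.

```javascript
// Added example (not Strapi's code): per-path CSP exceptions instead of one
// shared exception list for all special paths.

// Strict baseline directives applied to every route (constructed for this example).
const BASE_CSP = {
  'default-src': ["'self'"],
  'script-src': ["'self'"],
  'style-src': ["'self'"],
  'img-src': ["'self'", 'data:'],
  'connect-src': ["'self'"],
};

// Exceptions keyed by path prefix. Hypothetical values: each UI declares only
// what it needs, and nothing here leaks into the other path.
const PATH_EXCEPTIONS = {
  '/graphql': {
    'script-src': ["'unsafe-inline'", 'https://cdn.example'], // placeholder host
    'img-src': ['https://cdn.example'],
  },
  '/documentation': {
    'style-src': ["'unsafe-inline'"],
    'img-src': ['https://img.example'], // placeholder host
  },
};

// Return a fresh directive map for a request path: baseline plus, at most, the
// exceptions of the single prefix that matches. Prefix matching is bounded on
// '/' so that '/graphqlx' does not inherit the '/graphql' exceptions.
function cspForPath(pathname, base = BASE_CSP, exceptions = PATH_EXCEPTIONS) {
  const prefix = Object.keys(exceptions).find(
    (p) => pathname === p || pathname.startsWith(p + '/'),
  );
  const merged = {};
  for (const [directive, sources] of Object.entries(base)) {
    merged[directive] = [...sources]; // copy so the baseline is never mutated
  }
  if (prefix) {
    for (const [directive, extra] of Object.entries(exceptions[prefix])) {
      const current = merged[directive] || [];
      merged[directive] = [...new Set([...current, ...extra])];
    }
  }
  return merged;
}

// Serialize a directive map into a Content-Security-Policy header value.
function serializeCsp(directives) {
  return Object.entries(directives)
    .map(([directive, sources]) => `${directive} ${sources.join(' ')}`)
    .join('; ');
}

// Minimal Koa-style middleware (no framework dependency): the header is computed
// per request from the request path, not from a global exception list.
function cspMiddleware(ctx, next) {
  ctx.set('Content-Security-Policy', serializeCsp(cspForPath(ctx.path)));
  return next();
}
```

A practical check when reviewing a change like this is to request each special path and an ordinary API route and diff the `Content-Security-Policy` headers: the ordinary route should carry only the baseline, and each special path only its own additions.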