Improve serving of NiFi 2 metrics

[NickLarsenNZ]

Part of #809.

Tip

Prometheus/OpenMetrics endpoints are an operational concern and should not be treated as part of the application's API.

Current state

The metrics endpoint for NiFi 2 cluster members is part of the API server/endpoints, and therefore inherits the authentication/authorization configuration of the API.

It is unusual to use Bearer auth for serving metrics, not to mention the current Oauth2 implementation restricts tokens to each cluster member they were obtained from (see: NIFI-7246). This makes regular metrics scraping rather difficult to near impossible.

Future state

Metrics scraping should be as simple as it is for any other app exposing endpoints.

Implement common patterns for exposing metrics:

• Unauthenticated access, or authorized access using simple authentication mechanisms (such as Basic auth, and...
• Expose metrics on a separate HTTP port (so that it's exposure is independent of an API), and/or unauthenticated or using basic auth (and not complex authentication mechanisms).