Swap to Spring Security #14
Description
We're using basic web filters to check Router auth and set CORS headers, but we want to switch to Spring Security to set up consumers for success long term. This means:
- [ ] Replace `src/main/kotlin/com/example/template/RouterAuthFilter.kt` with a comparable Spring Security config. It should _always_ require Router auth (even if the user is authenticated by other means) and, ideally, allow that requirement to be disabled for local development.
- [ ] Replace `src/main/kotlin/com/example/template/CorsFilter.kt` with Spring Security CORS settings with comparable rules (accessible from Studio, credentials allowed, all headers allowed)