Currently every user who has access to optimize can access any xml no matter if he is authorized to.
- decision and process definition endpoints are only accessible if the user is authorized to read the particular definition
- as part of refactoring aling the implementation of ProcessDefinitionReader and DecisionDefinitionReader:
- throw NotFoundexception from RestService instead from reader
- return Optional<String> for get*DefinitionXml don't throw exception on just missing xml