In https://github.com/camunda/camunda-optimize/pull/3475, we started declaring non-secured endpoints in OptimizeWebSecurityConfigurerAdapter. However, it might improve visibilty if we also introduce some kind of annotation on the endpoints themselves so that it's clear that they don't require authentication. We could then find uses of this annotation in the adaptor when declaring these unsecured endpoints. In addition, it might make sense to Unit test the adaptor to make sure it finds all of the classes we expect