Make /metrics available without authentication or give the option for metrics-only usernames

[strayer]

Output of rest-server --version

rest-server manually compiled with go1.14.7 on linux/amd64
84b6955

What should rest-server do differently?

A possible solution could be a parameter making /metrics completely public even when authentication is enabled. Another solution would be a parameter that specifies a username that should only be allowed to access /metrics and not store/read backups.

What are you trying to do? What is your use case?

I want to give a service read-only access to the metrics endpoint and avoid giving it more permissions than it needs to have for its purpose.

[wojas]

PR #112 already changes how /metrics permission handling works. I actually want to optionally move the /metrics to a different port so that you can manage access and bind addresses independently.

[micah]

A different port makes a lot of sense for metrics