remove <security-constraint> from web.xml
The original idea of this (back when Tomcat was still used, before
Karaf, perhaps?) probably was to protect URLs at the "web container
level", but... we ALSO have the Shiro AAAFilter, and my understanding is
that this Filter is what actually does the protection (today); therefore
I suspect that this <security-constraint> is now useless. We can remove
it to remove confusion for possible future work to replace the web.xml
with something else.
Change-Id: I23c74ed146364ee8864e31f7a8038a782bd32fba
Signed-off-by: Michael Vorburger <vorburger@redhat.com>