refactor: auth and metrics middlewares #2894

Closed


dave-gray101
Collaborator

@dave-gray101 dave-gray101 commented Jul 15, 2024

This refactor PR contains the following changes:

  • core/http/middleware has been created to hold non-endpoint specific HTTP code, rather than leaving it loose within app.go, as much as possible.
  • core/http/middleware/metrics.go is a file move - there should be no changes other than renames, but it belongs here now.
  • core/http/middleware/auth.go handles the creation of keyauth configuration data and contains the validation function specific to LocalAI.
  • actual implementation of auth has been temporarily moved to my keyauth v2 backport - I submitted and merged the required feature changes to fiber upstream, but v3 is not quite yet stable enough for us to target... hence this backport I made for us and future projects.
  • pkg/model/initializer.go - logging change that is helpful while debugging

Notably this does not include the common request infrastructure yet - that depends on #2773 but nothing in this PR does


netlify bot commented Jul 15, 2024

Deploy Preview for localai ready!

Name Link
🔨 Latest commit 78e5bd3
🔍 Latest deploy log https://app.netlify.com/sites/localai/deploys/66bcc4ef13a24100095c3f35
😎 Deploy Preview https://deploy-preview-2894--localai.netlify.app

@dave-gray101 dave-gray101 enabled auto-merge (squash) July 16, 2024 22:20
@localai-bot

This comment was marked as off-topic.

@dave-gray101 dave-gray101 requested a review from mudler July 24, 2024 23:29
Signed-off-by: Dave Lee <[email protected]>
@dave-gray101
Collaborator Author

dave-gray101 commented Jul 24, 2024

@mudler - cleaned up some things based on your comments. By default, the UI is once again fully protected. Endpoint skipping is now regex based, and fully configurable. The relevant new configuration settings are:

DisableApiKeyRequirementForHttpGet - defaults to false, meaning API Keys are required to access the UI. If the user explicitly provides --disable-api-key-requirement-for-http-get=true, the following parameter is activated - allowing the user to view sensitive information and set the API key via the web interface itself for further requests. This should only be enabled in secure development environments, never production.

HttpGetExemptedEndpoints - this can be overridden by end users in the situation that their security posture demands a different use case or if a temporary issue or bug demands an immediate fix. However, in most cases, this variable should be left at the default value, which exempts the main pages of the UI as needed:

  • ^/$
  • ^/browse/?$
  • ^/talk/?$
  • ^/p2p/?$
  • ^/chat/?$
  • ^/text2image/?$
  • ^/tts/?$
  • ^/static/.*$
  • ^/swagger.*$

This is split into two parameters to easily default to "off" with a sane default for "on" as well.
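
The exemption logic described in the comment above, as an added Go example that is not code from this PR or from LocalAI. `compileExempt` and `requiresAPIKey` are hypothetical names, the sample request paths are constructed, and normalizing the path with `path.Clean` before matching is an assumption of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"path"
	"regexp"
)

// Default exemption patterns as listed in the comment above.
var defaultExempt = []string{
	`^/$`, `^/browse/?$`, `^/talk/?$`, `^/p2p/?$`, `^/chat/?$`,
	`^/text2image/?$`, `^/tts/?$`, `^/static/.*$`, `^/swagger.*$`,
}

// compileExempt compiles all patterns up front so a bad override fails at startup.
func compileExempt(patterns []string) ([]*regexp.Regexp, error) {
	out := make([]*regexp.Regexp, 0, len(patterns))
	for _, p := range patterns {
		re, err := regexp.Compile(p)
		if err != nil {
			return nil, fmt.Errorf("exempt pattern %q: %w", p, err)
		}
		out = append(out, re)
	}
	return out, nil
}

// requiresAPIKey (hypothetical helper) reports whether a request must carry a key.
// Exemption applies only when the flag is on, the method is GET, and the
// normalized path matches a pattern; everything else stays protected.
func requiresAPIKey(method, rawPath string, disableForGet bool, exempt []*regexp.Regexp) bool {
	if !disableForGet || method != http.MethodGet {
		return true
	}
	p := path.Clean("/" + rawPath) // assumption: resolve dot segments before matching
	for _, re := range exempt {
		if re.MatchString(p) {
			return false
		}
	}
	return true
}

func main() {
	exempt, _ := compileExempt(defaultExempt) // the defaults are known to compile
	// Constructed sample requests, not taken from the PR.
	fmt.Println(requiresAPIKey("GET", "/chat/", true, exempt), requiresAPIKey("GET", "/v1/models", true, exempt))
}
```

Because the patterns are anchored with `^` and `$`, only the listed UI pages match; a GET to any other route, and every non-GET request, still needs a key.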

dave-gray101 added a commit to dave-gray101/LocalAI that referenced this pull request Sep 2, 2024
auto-merge was automatically disabled September 2, 2024 22:05

Pull request was closed

dave-gray101 added a commit that referenced this pull request Sep 17, 2024
feat: auth v2 - supersedes #2894, metrics to follow later

Signed-off-by: Dave Lee <[email protected]>