- Jan 06, 2024
-
-
Sheogorath authored
This patch should help to make sure that nothing uses plaintext signatures.
-
Sheogorath authored
-
- Jan 04, 2024
-
-
Sheogorath authored
This patch fixes the usage of oauth2-proxy by already triggering auth on the GET instead of the POST request.
-
Sheogorath authored
-
- Jan 02, 2024
-
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
- Jan 01, 2024
-
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
- Dec 31, 2023
-
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
The usage of the trusted-ip config resulted in a security incident that allowed access to any oauth2-proxy protected endpoint without requiring authentication. Thankfully all significant endpoints had been protected by additional measures such as network restrictions and are therefore not affected. Only the prometheus and alertmanager endpoints have been exposed to the public internet, but are not exposing sensitive data beyond metrics. A check of the relevant logs didn't provide any indication of compromise.
-
Sheogorath authored
-
Sheogorath authored