Add API path to SecurityConfig.java (both /actuator** and /faidare/v1/index**)
Ignore not actuator, not indexer web.ignoring().regexMatchers("^((?!\\/(actuator|faidare/v1/index)).)*$");
Test that both these path ask for password (test with SPRING_SECURITY_USER_PASSWORD=toto ./gradlew bootRun, user => user, password => toto)
Test that spring security ignores HTTP basic auth on BrAPI (should get data on curl --user gcornut:toto http://localhost:8380/gpds-dev/brapi/v1/studies)