Load config.json authenticated

[kulmann]

Initial Checklist

• I understand this is a user story and questions should be posted in the Community Discussions
• I searched issues and couldn’t find anything (or linked relevant results below)

User Story

• As an admin, I want to protect some config.json content from being visible unauthenticated so that I can protect my environment.
• As an admin, I want to be able to serve app config user-specific, based on rules, so that certain config is not available to all users.

User Value

Security: Prevent sensitive configuration data from being exposed to unauthenticated users.
Compliance: Ensure the application adheres to security and privacy policies (e.g. GDPR, internal security standards).

Acceptance Criteria

• apps don't get registered and initialized until the config.json has been loaded with an authenticated request => requires to postpone app registration and initialization until after the user access token is available and the config.json has been loaded a second time with authentication.
• page load performance is similar to before (check lighthouse report, not just your gut feeling!!!)