Validation should happen after security checks

[danielo515]

Hello.
I noticed that validation always happens bo matter what. Then the security is checked and if security rails the request is rejected.
This opens a attack vector because request validation is costly compared to checking auth (specially if it is in cookies or JWT).
I tried changing the order of definition, but that makes no difference.

[AMar4enko]

Second this. I assume changing src/internal/serverRequestParser.ts#L49

to something along the lines below would work

 parseSecurity(endpoint).pipe(
   Effect.bindTo(`security`),
   Effect.bind(`headers`, () => parseHeaders(endpoint, parseOptions)),
   Effect.bind(`path`, () => parsePath(endpoint, parseOptions)),
   Effect.bind(`query`, () => parseQuery(endpoint, parseOptions)),
   Effect.bind(`body`, () => parseBody(endpoint, parseOptions))
 )

[AMar4enko]

Oh it appears I have a fork with said change - I'll make a PR today