Hand out configs.json without authentication

Dropping the need for auth would significantly reduce client complexity - see: platform#8849 (closed)

The logic for requiring it is already bound to wether the provider supports anonyous vpn use or not. So we can probably also reduce complexity on the server side and the security implications should not be so bad. After all an attacker can usually just get an account to figure out these infos.