chore: narrow API whitelist for shares to GET

Author: edwardzjl

manifests/components/auth/secret-params.env

@@ -1,5 +1,4 @@
-# TODO: how to allow only GET /api/shares/{share_id}?
-OAUTH2_PROXY_SKIP_AUTH_ROUTES=/metrics,/share/.*,/api/shares/.*,/static/.*,/favicon.ico,/manifest.json
+OAUTH2_PROXY_SKIP_AUTH_ROUTES=/metrics,/share/.*,GET=/api/shares/.*,/static/.*,/favicon.ico,/manifest.json
 OAUTH2_PROXY_COOKIE_SECRET=tNTtR9Rz4XWkUL4BL7bDghPK0Ck8PrQAagrWwqr2LNI=
 OAUTH2_PROXY_EMAIL_DOMAINS=*
 OAUTH2_PROXY_SESSION_STORE_TYPE=redis