@Deepam02 Deepam02 commented Sep 9, 2025

Fixes #92

Added requireAdminUser() middleware to /metrics endpoint as requested in the issue.

@Deepam02
Author

Deepam02 commented Sep 9, 2025

Removed the extra middleware.

@duaraghav8
Member

Thanks. I just realized that there's another complication - this authentication works well when an admin is trying to access /metrics because they send their admin token.
But we also need to configure Prometheus (or other Prometheus-compatible tools) with an auth token so that they can also scrape this endpoint (they too will need to authenticate).
I'm not sure how this will be done yet.
Will need to research a little more on this. Keeping this PR open for now.

@Deepam02
Author

Deepam02 commented Sep 9, 2025

Yes! I see this issue.
For a quick fix we could create separate endpoints for Prometheus, but there would be no point in securing it then.

The best solution would be adding an auth token for Prometheus authentication, but that might be outside my scope for now - seems too complex for a beginner.
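
The scraper side of the token idea raised above, as an added example that is not part of the original thread or the project's code: a Prometheus scrape job that sends a bearer token read from a file. The job name, target, and file path are placeholders, and it assumes the server's middleware accepts the token in the `Authorization: Bearer` header.

```yaml
# prometheus.yml (fragment) - added example, not from the project.
scrape_configs:
  - job_name: app-metrics              # placeholder job name
    scheme: https                      # keep the token off plaintext HTTP
    metrics_path: /metrics             # the endpoint this PR protects
    authorization:
      type: Bearer
      # Read the token from a file so it never appears in the config itself.
      # Placeholder path; restrict it to the Prometheus service user (mode 0600).
      credentials_file: /etc/prometheus/secrets/metrics_token
    static_configs:
      - targets:
          - app.example.internal:8443  # placeholder target
```

Issuing the scraper its own read-only token, rather than reusing an admin's, limits what a leaked Prometheus credential can reach to `/metrics`.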

Successfully merging this pull request may close these issues.

/metrics endpoint should only be accessible by admin in production mode