Access to /me should be fully authenticated

- Fixes /profile/forgot-password access for anons
- UserProfileController @PreAuthorizes all method access

src/main/java/org/genesys2/spring/config/SecurityConfig.java

@@ -138,7 +138,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 				// admin
 				.antMatchers("/admin/**", "/1/admin/**").hasRole("ADMINISTRATOR")
 				// require login
-				.antMatchers("/profile", "/profile/**", "/oauth/authorize", "/swagger-**").fullyAuthenticated()
+				.antMatchers("/profile/me", "/profile/me/**", "/oauth/authorize", "/swagger-**").fullyAuthenticated()
 
 			// access denied
 			.and().exceptionHandling().accessDeniedPage("/access-denied")