Allow introspection by default in production mode

Adds env.php parameter for disabling introspection:
```php
...
    'graphql' => [
        'disable_introspection' => true,
    ],
...
```

Fixes #232

Author: pmclain

dev/tests/api-functional/testsuite/Magento/GraphQl/IntrospectionQueryTest.php

@@ -12,10 +12,10 @@
 class IntrospectionQueryTest extends GraphQlAbstract
 {
     /**
-     * Tests that Introspection is disabled when not in developer mode
+     * Tests that Introspection is allowed by default
      * @SuppressWarnings(PHPMD.ExcessiveMethodLength)
      */
-    public function testIntrospectionQueryWithFieldArgs()
+    public function testIntrospectionQuery()
     {
         $query
             = <<<QUERY
@@ -54,11 +54,6 @@ public function testIntrospectionQueryWithFieldArgs()
 }
 QUERY;
 
-        $this->expectException(\Exception::class);
-        $this->expectExceptionMessage(
-            'GraphQL response contains errors: GraphQL introspection is not allowed, but ' .
-            'the query contained __schema or __type'
-        );
-        $this->graphQlQuery($query);
+        $this->assertArrayHasKey('__schema', $this->graphQlQuery($query));
     }
 }

lib/internal/Magento/Framework/GraphQl/Query/IntrospectionConfiguration.php

@@ -0,0 +1,42 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Framework\GraphQl\Query;
+
+use Magento\Framework\App\DeploymentConfig;
+
+/**
+ * Class for fetching the availability of introspection queries
+ */
+class IntrospectionConfiguration
+{
+    const CONFIG_PATH_DISABLE_INTROSPECTION = 'graphql/disable_introspection';
+
+    /**
+     * @var DeploymentConfig
+     */
+    private $deploymentConfig;
+
+    /**
+     * @param DeploymentConfig $deploymentConfig
+     */
+    public function __construct(
+        DeploymentConfig $deploymentConfig
+    ) {
+        $this->deploymentConfig = $deploymentConfig;
+    }
+
+    /**
+     * Check the the environment config to determine if introspection should be disabled.
+     *
+     * @return int
+     */
+    public function disableIntrospection(): int
+    {
+        return (int) $this->deploymentConfig->get(self::CONFIG_PATH_DISABLE_INTROSPECTION);
+    }
+}

lib/internal/Magento/Framework/GraphQl/Query/QueryComplexityLimiter.php

@@ -11,6 +11,7 @@
 use GraphQL\Validator\Rules\DisableIntrospection;
 use GraphQL\Validator\Rules\QueryDepth;
 use GraphQL\Validator\Rules\QueryComplexity;
+use Magento\Framework\App\ObjectManager;
 
 /**
  * QueryComplexityLimiter
@@ -33,16 +34,25 @@ class QueryComplexityLimiter
      */
     private $queryComplexity;
 
+    /**
+     * @var IntrospectionConfiguration
+     */
+    private $introspectionConfig;
+
     /**
      * @param int $queryDepth
      * @param int $queryComplexity
+     * @param IntrospectionConfiguration $introspectionConfig
      */
     public function __construct(
         int $queryDepth,
-        int $queryComplexity
+        int $queryComplexity,
+        IntrospectionConfiguration $introspectionConfig = null
     ) {
         $this->queryDepth = $queryDepth;
         $this->queryComplexity = $queryComplexity;
+        $this->introspectionConfig = $introspectionConfig ?? ObjectManager::getInstance()
+                ->get(IntrospectionConfiguration::class);
     }
 
     /**
@@ -53,7 +63,7 @@ public function __construct(
     public function execute(): void
     {
         DocumentValidator::addRule(new QueryComplexity($this->queryComplexity));
-        DocumentValidator::addRule(new DisableIntrospection());
+        DocumentValidator::addRule(new DisableIntrospection($this->introspectionConfig->disableIntrospection()));
         DocumentValidator::addRule(new QueryDepth($this->queryDepth));
     }
 }