Make sure identity verification runs before discovery and health won't leak info (#467)

Author: slinkydeveloper

sdk-core/src/main/java/dev/restate/sdk/core/EndpointRequestHandler.java

@@ -105,24 +105,24 @@ public RequestProcessor processorForRequest(
       LoggingContextSetter loggingContextSetter,
       Executor coreExecutor)
       throws ProtocolException {
+    if (path.endsWith(HEALTH_PATH)) {
+      return new StaticResponseRequestProcessor(200, "text/plain", Slice.wrap("OK"));
+    }
+
+    // Verify request
+    if (endpoint.getRequestIdentityVerifier() != null) {
+      try {
+        endpoint.getRequestIdentityVerifier().verifyRequest(headersAccessor);
+      } catch (Exception e) {
+        throw ProtocolException.unauthorized(e);
+      }
+    }
+
     // Discovery request
     if (path.endsWith(DISCOVER_PATH)) {
       return this.handleDiscoveryRequest(headersAccessor);
     }
 
-    if (path.endsWith(HEALTH_PATH)) {
-      return new StaticResponseRequestProcessor(
-          200,
-          "text/plain",
-          Slice.wrap(
-              "Serving services ["
-                  + this.endpoint
-                      .getServiceDefinitions()
-                      .map(ServiceDefinition::getServiceName)
-                      .collect(Collectors.joining(", "))
-                  + "]"));
-    }
-
     // Parse request
     String[] pathSegments = SLASH.split(path);
     if (pathSegments.length < 3) {
@@ -152,15 +152,6 @@ public RequestProcessor processorForRequest(
       throw ProtocolException.methodNotFound(serviceName, handlerName);
     }
 
-    // Verify request
-    if (endpoint.getRequestIdentityVerifier() != null) {
-      try {
-        endpoint.getRequestIdentityVerifier().verifyRequest(headersAccessor);
-      } catch (Exception e) {
-        throw ProtocolException.unauthorized(e);
-      }
-    }
-
     // Parse OTEL context and generate span
     final io.opentelemetry.context.Context otelContext =
         this.endpoint