Update `SecurityConfig` to refine API access controls:
- Restrict all `/api/**` endpoints to authenticated users.
- Require `ADMIN` authority for `/api/users/**` endpoints.
- Permit all other requests by default.
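
A sketch of how these three rules can be expressed with the Spring Security 6 lambda DSL, added here as an illustration and not taken from the commit itself. The bean name `apiFilterChain` and the use of HTTP Basic are assumptions; the point it shows is that the rules are evaluated in declaration order, so the narrower `/api/users/**` matcher has to come before `/api/**`.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // Bean name is hypothetical; the project's own method name is not on the page.
    @Bean
    public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Rules are checked top to bottom and the first match decides.
                // If "/api/**" were listed first, it would also match
                // "/api/users/..." and any authenticated user would get in,
                // so the ADMIN rule below it would never be consulted.
                .requestMatchers("/api/users/**").hasAuthority("ADMIN")
                // Every other API path: any authenticated user.
                .requestMatchers("/api/**").authenticated()
                // Everything outside /api is open. New non-API endpoints
                // are public unless a rule is added above this line.
                .anyRequest().permitAll())
            // Assumption: HTTP Basic stands in for whatever authentication
            // mechanism the project really uses (form login, JWT, ...).
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

`hasAuthority("ADMIN")` compares against the literal authority string `ADMIN`, whereas `hasRole("ADMIN")` would look for `ROLE_ADMIN`, so the granted authorities issued at login have to match whichever form is used.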