FIX User private info exposed #303

@tyagishuchi1

Description

  1. Any user's private profile info can be accessed publicly by anybody as long as the wallet address is known. And since the smart contract addresses are public and the Oath Keeper/Advocate openly lists the wallets, addresses can be very easily obtained. Although all APIs expose data publicly, with this API a wallet address can be attached to a user's real-world identity.
  2. It also exposes the id related to the user, which makes the JBP DB too predictable for resource harvesting.

Expected Behavior

The API should only return the info if the user is authorized

Possible Solution

Steps to Reproduce

Environment: Beta/Test/Temp

  1. Send a GET request to https://beta.jur.io/api/v1/user providing wallet as a header
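As an added illustration of the expected behavior described above (not Jur's code), a minimal handler in the reported shape beside a version that returns private fields only to the authenticated owner of the wallet and never emits the internal id. The handler signature, the `wallet` header lookup, the profile fields and the sample records are all assumptions constructed for this example.

```python
from dataclasses import dataclass, asdict
from typing import Dict, Optional, Tuple

@dataclass
class Profile:
    id: int            # internal DB id; should never leave the server (issue point 2)
    wallet: str
    display_name: str
    email: str         # private: ties a wallet address to a real-world identity

# Constructed sample data standing in for the user table (hypothetical values).
USERS: Dict[str, Profile] = {
    "0xabc": Profile(id=1, wallet="0xabc", display_name="alice", email="alice@example.com"),
    "0xdef": Profile(id=2, wallet="0xdef", display_name="bob", email="bob@example.com"),
}

def get_user_vulnerable(headers: Dict[str, str]) -> Tuple[int, dict]:
    """The behaviour the issue reports: the client-supplied `wallet` header alone
    selects the record, so anyone who knows an address gets the full profile."""
    profile = USERS.get(headers.get("wallet", "").lower())
    if profile is None:
        return 404, {}
    return 200, asdict(profile)

def get_user_fixed(headers: Dict[str, str], authenticated_wallet: Optional[str]) -> Tuple[int, dict]:
    """Return private fields only to the authenticated owner of that wallet.

    `authenticated_wallet` is the identity the session/auth layer already verified
    (e.g. from a signed login challenge); it must never come from a client header."""
    if authenticated_wallet is None:
        return 401, {"error": "authentication required"}
    owner = authenticated_wallet.lower()
    # If the caller names a wallet, it must be their own; otherwise refuse.
    requested = headers.get("wallet", owner).lower()
    if requested != owner:
        return 403, {"error": "forbidden"}
    profile = USERS.get(owner)
    if profile is None:
        return 404, {}
    # Whitelist the fields returned: no internal id, no other users' data.
    return 200, {
        "wallet": profile.wallet,
        "display_name": profile.display_name,
        "email": profile.email,
    }
```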

Metadata

Labels

  - bug
  - Highest priority
  - production: Needs to be addressed in production

Development

No branches or pull requests
