Defaulted pleroma/restrict_unauthenticated basing on instance privacy setting (i.e. restrict on private instances only by default).
Note: private instances' admins will need to explicitly define
config :pleroma, :restrict_unauthenticated in
prod.secret.exs if they want to provide API access to specific resources for unauthenticated users. Added the info to changelog, updated the docs.
Closes #2046 (closed)