The use of `quarkus.security.jaxrs.deny-unannotated-endpoints=true` essentially
results in the addition of a `DenyAllInterceptor` to the invocation chain
of a JAX-RS endpoint.
Because this interceptor did not take into account the `AuthorizationController`
(like the `RolesAllowedInterceptor` already does), it would result in endpoints
being secured even though security was supposed to be disabled for the specific test.

Fixes: #19896