OpenShift Request For Enhancement: RFE-7909

Restrict Unauthenticated Metrics Access


      1. Proposed title of this feature request:
        Restrict Unauthenticated Metrics Access for `cluster-samples-operator` and `image-registry-operator`
      2. What is the nature and description of the request?
        The ServiceMonitor for `cluster-samples-operator` and `image-registry-operator` exposes `/metrics` over plain HTTP without authentication. These endpoints are accessible from any pod across namespaces.
        Tested using:

        Try the following from any pod (containing curl), from any namespace (e.g. a customer workload):
      • curl -v --insecure https://<Pod_IP_of_cluster-image-registry-operator-*>:60000/metrics

        --> The source (metrics endpoint) targeted by the ServiceMonitor has no authorization and already allows unauthenticated external access!

        The response returns metrics without any authorization, even with
        `--insecure`. Ideally, this should be restricted or return a `403`.

        ---------------------------------------------------------------------------------
        OpenShift component that has its metrics endpoint authenticated:
        etcd: try curl against the etcd-operator pod using --insecure

      3. Why does the customer need this? (List the business requirements here)

      • Multi-Tenant Cluster Security Compliance
      • Consistent Platform Security Standards

      4. List any affected packages or components.

      • `cluster-samples-operator` and `image-registry-operator`
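The following manifests are an added illustration and are not taken from the RFE or from either operator's own repository. They contrast the pattern the RFE describes (a ServiceMonitor scraping an operator's plain-HTTP listener that any pod can also reach) with the usual OpenShift hardening: keep the operator's listener on loopback, put a kube-rbac-proxy sidecar in front of it, and have Prometheus scrape over TLS with its ServiceAccount token. The operator name, namespace, labels, image tags, the `--metrics-bind-address` flag and the loopback port 60000 are assumptions chosen for the example; the ServiceMonitor fields, the kube-rbac-proxy flags and the service-ca annotation are standard.

```yaml
# Added example (not from the RFE or the operators' manifests).
# Names, namespace, labels, image tags and the operator flag are assumptions.

# --- Weak: the pattern described in the RFE. Prometheus scrapes the
# --- operator's own plain listener; any pod that reaches the Pod IP can too.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: example-operator-metrics-open
  namespace: example-operator-ns
spec:
  selector:
    matchLabels:
      app: example-operator
  endpoints:
  - port: metrics      # Service port that points straight at the operator's HTTP listener
    scheme: http       # no TLS, no bearer token: nothing stops an anonymous caller
---
# --- Hardened: operator binds to loopback only; kube-rbac-proxy terminates TLS
# --- and does a TokenReview + SubjectAccessReview for every request, so an
# --- anonymous curl gets 401 and a caller lacking RBAC on /metrics gets 403.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-operator
  namespace: example-operator-ns
spec:
  selector:
    matchLabels:
      app: example-operator
  template:
    metadata:
      labels:
        app: example-operator
    spec:
      serviceAccountName: example-operator
      containers:
      - name: operator
        image: example.invalid/example-operator:latest      # placeholder image
        args: ["--metrics-bind-address=127.0.0.1:60000"]    # assumed flag: listen on loopback only
      - name: kube-rbac-proxy
        image: quay.io/brancz/kube-rbac-proxy:v0.18.0       # placeholder tag
        args:
        - --secure-listen-address=0.0.0.0:8443
        - --upstream=http://127.0.0.1:60000/
        - --tls-cert-file=/etc/tls/private/tls.crt
        - --tls-private-key-file=/etc/tls/private/tls.key
        - --logtostderr=true
        ports:
        - name: https
          containerPort: 8443
        volumeMounts:
        - name: serving-cert
          mountPath: /etc/tls/private
          readOnly: true
      volumes:
      - name: serving-cert
        secret:
          secretName: example-operator-serving-cert   # filled in by service-ca (see Service annotation)
---
apiVersion: v1
kind: Service
metadata:
  name: example-operator-metrics
  namespace: example-operator-ns
  labels:
    app: example-operator
  annotations:
    # OpenShift's service-ca operator issues a serving certificate into this Secret
    service.beta.openshift.io/serving-cert-secret-name: example-operator-serving-cert
spec:
  selector:
    app: example-operator
  ports:
  - name: https
    port: 8443
    targetPort: https
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: example-operator-metrics
  namespace: example-operator-ns
spec:
  selector:
    matchLabels:
      app: example-operator
  endpoints:
  - port: https
    scheme: https
    # Prometheus presents its own ServiceAccount token to the proxy ...
    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
    tlsConfig:
      # ... and verifies the proxy's service-ca-issued certificate
      # (bundle path as mounted by OpenShift cluster monitoring; assumed)
      caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
      serverName: example-operator-metrics.example-operator-ns.svc
```

Two RBAC pieces are implied but not shown: the proxy's ServiceAccount needs a ClusterRole allowing `create` on `tokenreviews` and `subjectaccessreviews`, and the scraping ServiceAccount needs `get` on the `/metrics` non-resource URL (the `prometheus-k8s` account used by OpenShift cluster monitoring already has this). With the sidecar in place, repeating the RFE's `curl --insecure` against the Pod IP is a useful acceptance check: port 60000 should no longer be reachable from another pod, and port 8443 should answer 401 without a token.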

              People: Marina Kalinin (rhn-support-mkalinin), Harshada Patil (rhn-support-harspati)