Reject invalid HTTP methods and resources by andy-maier · Pull Request #1019 · prometheus/client_python

@andy-maier

This change addresses the issue that currently, any HTTP method is handled
by returning success and metrics data, which causes network scanners to
report issues.

Details:

* This change rejects any HTTP methods and resources other than the following:

    OPTIONS (any) - returns 200 and an 'Allow' header indicating allowed methods
    GET (any) - returns 200 and metrics
    GET /favicon.ico - returns 200 and no body (this is no change)

  Other HTTP methods than these are rejected with 405 "Method Not Allowed"
  and an 'Allow' header indicating the allowed HTTP methods.

  Any returned HTTP errors are also displayed in the response body after a
  hash sign and with a brief hint,
  e.g. "# HTTP 405 Method Not Allowed: XXX; use OPTIONS or GET".

Signed-off-by: Andreas Maier <maiera@de.ibm.com>
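
The method handling described above, as an added example that is not code from this pull request or from prometheus/client_python: a WSGI app with the listed behaviour beside the permissive "before" behaviour, plus an in-process audit that flags methods other than GET that still receive a body. The names `permissive_app`, `strict_app`, `probe` and `audit`, the formatting of the `Allow` value, the sample metrics text, and reading "XXX" as the rejected method name are assumptions.

```python
# Added illustration; not code from prometheus/client_python.
from wsgiref.util import setup_testing_defaults

ALLOW = "OPTIONS,GET"  # assumed formatting of the Allow header value
# Constructed sample exposition text standing in for real metrics output.
SAMPLE_METRICS = b"# TYPE demo_requests_total counter\ndemo_requests_total 1.0\n"

def permissive_app(environ, start_response):
    """Behaviour before the change: every method gets 200 and metrics."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [SAMPLE_METRICS]

def strict_app(environ, start_response):
    """Behaviour the description lists: OPTIONS and GET only, else 405."""
    method = environ["REQUEST_METHOD"]
    status, headers, body = "200 OK", [], b""
    if method == "OPTIONS":
        headers.append(("Allow", ALLOW))
    elif method != "GET":
        status = "405 Method Not Allowed"
        headers.append(("Allow", ALLOW))
        # Assumption: "XXX" in the description stands for the rejected method.
        body = f"# HTTP {status}: {method}; use OPTIONS or GET\n".encode()
    elif environ.get("PATH_INFO") != "/favicon.ico":
        headers.append(("Content-Type", "text/plain"))
        body = SAMPLE_METRICS
    start_response(status, headers)
    return [body]

def probe(app, method, path="/metrics"):
    """Call a WSGI app in-process; return (status code, headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(REQUEST_METHOD=method, PATH_INFO=path)
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen.update(code=int(status.split()[0]), headers=dict(headers))
    body = b"".join(app(environ, start_response))
    return seen["code"], seen["headers"], body

def audit(app, methods=("GET", "OPTIONS", "POST", "PUT", "DELETE", "TRACE")):
    """List methods other than GET that still receive a non-empty 200 body."""
    findings = []
    for method in methods:
        code, _headers, body = probe(app, method)
        if method != "GET" and code == 200 and body:
            findings.append(method)
    return findings
```

`audit(permissive_app)` lists every non-GET method it tried, while `audit(strict_app)` returns an empty list.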