chore(api): redocly warns if endpoints dont have security set

usually we use the OAuth2 security schema. but public endpoints
do not have this security constraint. callbacks don't authenticate
against the called endpoint.

For reference, the warning was (one example):

> Every operation should have security defined on it or on the root level.
>
> 418 | get:
>     | ^^^
> 419 |   operationId: get-destination-key
> 420 |   summary: Ruft einen JWK des Zustelldienstes ab
>
> Warning was generated by the security-defined rule.

spec/callbacks/new-events.yaml

@@ -8,6 +8,7 @@
     parameters:
       - $ref: '../headers/hmac-cb-authentication.yaml'
       - $ref: '../headers/hmac-cb-timestamp.yaml'
+    security: []
     requestBody:
       required: true
       content:

spec/callbacks/new-replies.yaml

@@ -8,6 +8,7 @@
     parameters:
       - $ref: '../headers/hmac-cb-authentication.yaml'
       - $ref: '../headers/hmac-cb-timestamp.yaml'
+    security: []
     requestBody:
       required: true
       content:

spec/callbacks/new-submissions.yaml

@@ -8,6 +8,7 @@
     parameters:
       - $ref: '../headers/hmac-cb-authentication.yaml'
       - $ref: '../headers/hmac-cb-timestamp.yaml'
+    security: []
     requestBody:
       required: true
       content:

spec/endpoints/destinations/keys/uuid.yaml

@@ -8,6 +8,7 @@ get:
   description: Ermöglicht es, Public Keys eines Zustellpunktes abzufragen.
   tags:
     - Einreichungsübermittlung
+  security: []
   responses:
     '200':
       description: OK

spec/endpoints/info/index.yaml

@@ -4,6 +4,7 @@ get:
   description: Für Debugging oder Informationszwecke angebotener Endpunkt
   tags:
     - Fachlich
+  security: []
   responses:
     '200':
       description: OK

spec/endpoints/well-known/jwks.json/index.yaml

@@ -4,6 +4,7 @@ get:
   description: Kann z.B. zur Validierung der SETs des Zustelldienstes genutzt werden.
   tags:
     - Fachlich
+  security: []
   responses:
     '200':
       description: OK