bug: can access public apps with incorrect secure subdomain

[nick1udwig]

Describe the bug
We don't allow incorrect secure subdomains to access apps. This is a security feature to stop users from shooting themselves in the foot. However, public (i.e. authenticated == false) apps CAN still be accessed. This is a security hole

hyperdrive/hyperdrive/src/http/server.rs

Line 690 in b60ccd4

"secure subdomain can only serve its associated package",

[nick1udwig]

see commit where this was added for context cd29b41