feat(backend): implement step 9 — REST controllers, DTOs, EntityService, SecurityConfig (permit-all)

backend/src/main/kotlin/com/condado/newsletter/config/SecurityConfig.kt

@@ -0,0 +1,24 @@
+package com.condado.newsletter.config
+
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.web.SecurityFilterChain
+
+/**
+ * Security configuration — Step 9: permits all requests.
+ * Will be updated in Step 10 with JWT authentication.
+ */
+@Configuration
+@EnableWebSecurity
+class SecurityConfig {
+
+    @Bean
+    fun filterChain(http: HttpSecurity): SecurityFilterChain {
+        http
+            .csrf { it.disable() }
+            .authorizeHttpRequests { it.anyRequest().permitAll() }
+        return http.build()
+    }
+}