Don't poll for invalid wallet address requests #3180

Open
mkurapov opened this issue Dec 17, 2024 · 1 comment
Assignees
Labels
pkg: backend Changes in the backend package.

Comments

@mkurapov
Contributor

mkurapov commented Dec 17, 2024

Context

Currently, we have a feature that sends a webhook (wallet_address.not_found) out to the ASE if a wallet address looked up via Open Payments wasn't found (#1419). This allows the integrator to call createWalletAddress "on-the-fly"/on demand. This avoids the ASE having to pre-create all wallet addresses for all of their users when first starting up Rafiki - they can just wait for the wallet address to be requested to do the lookup process on their end and create this wallet address.

The current issue with this is the fact that we may get a bunch of "invalid" wallet address requests: for example, while https://ilp.interledger-test.dev/max would be a valid lookup, we may get something like https://ilp.interledger-test.dev/favicon.ico, which is already invalid -> we shouldn't send out a webhook for this.

This can be potentially solved with allowing a standard regex for wallet address creation (something which the ASE can decide). Then, we can use the same regex to validate whether we actually want to publish the wallet_address.not_found whenever we encounter a wallet address that does not exist in the Rafiki DB.

11/02
After discussion in the community call, the long-term solution is to host the wallet address server on a separate port. This will allow an integrator to host the server on a separate (non-root) port entirely, separately from the resource server API. This will be a breaking change.

@github-project-automation github-project-automation bot moved this to Backlog in Rafiki Dec 17, 2024
@mkurapov mkurapov changed the title Don't poll for incorrect wallet address requests Don't poll for invalid wallet address requests Jan 20, 2025
@mkurapov mkurapov moved this from Backlog to Todo in Rafiki Jan 30, 2025
@koekiebox koekiebox moved this from Todo to In Progress in Rafiki Feb 3, 2025
@koekiebox koekiebox added the pkg: backend Changes in the backend package. label Feb 3, 2025
@pedrosousabarreto

At PCH we came across this issue because of typical website scans that happen all the time on the internet to open web servers.
Problem is that if we serve the wallet address lookup function at the root of the site, everything that looks like "/something.*" is a potential lookup, which triggers work and possibly an unintended denial of service attack.

A simple solution is to just have a prefix where we mount the lookup function, like: "/lookup/:addressToLookup"
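
A sketch of the two mitigations discussed in this thread, the ASE-defined regex from the issue description and the mount prefix from the comment above, as an added example that is not Rafiki code. The function names, policy fields, length limit and sample pattern are assumptions made for illustration.

```typescript
// Added example; every name below is hypothetical, not Rafiki's API.
type Decision =
  | { emit: false; reason: string }
  | { emit: true; walletAddressUrl: string }

interface LookupPolicy {
  baseUrl: string // public origin of the wallet address server
  mountPrefix: string // '' = served at root, or e.g. '/lookup'
  addressPattern: RegExp // ASE-chosen pattern for the path after the prefix
  maxPathLength: number
}

// Anchor the ASE pattern and drop the g/y flags: an unanchored pattern can
// match inside a longer path, and g/y make RegExp.test() stateful.
function anchored(p: RegExp): RegExp {
  return new RegExp(`^(?:${p.source})$`, p.ignoreCase ? 'i' : '')
}

// Called only after the DB lookup for this path has already missed.
function decideNotFound(policy: LookupPolicy, rawPath: string): Decision {
  const path = rawPath.replace(/[?#][\s\S]*$/, '') // ignore query/fragment
  if (path.length > policy.maxPathLength) {
    return { emit: false, reason: 'path too long' }
  }
  const prefix = policy.mountPrefix
  if (prefix !== '' && path.indexOf(prefix + '/') !== 0) {
    return { emit: false, reason: 'outside lookup prefix' }
  }
  const rest = path.slice(prefix.length)
  if (!anchored(policy.addressPattern).test(rest)) {
    return { emit: false, reason: 'does not match address pattern' }
  }
  return { emit: true, walletAddressUrl: policy.baseUrl + path }
}

// Constructed sample: paths a scanner and a real payer might request.
const samplePaths = ['/max', '/favicon.ico', '/.env', '/wp-admin', '/lookup/max']
const pattern = /\/[a-z0-9][a-z0-9_-]{1,31}/g // constructed ASE pattern

function emitted(mountPrefix: string): string[] {
  const policy: LookupPolicy = {
    baseUrl: 'https://ilp.interledger-test.dev', mountPrefix,
    addressPattern: pattern, maxPathLength: 64
  }
  return samplePaths.filter((p) => decideNotFound(policy, p).emit)
}

console.log('root mount   :', emitted(''))
console.log('/lookup mount:', emitted('/lookup'))
```

With the root mount, `/wp-admin` still passes this permissive pattern and would trigger a `wallet_address.not_found` webhook; with the `/lookup` prefix only `/lookup/max` does.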

@koekiebox koekiebox moved this from In Progress to Ready for Review in Rafiki Feb 11, 2025
@mkurapov mkurapov moved this from Ready for Review to Backlog in Rafiki Feb 11, 2025
Projects
Status: Backlog
Development

No branches or pull requests

3 participants