fix: 禁用TRACE/TRACK方法

--bug=1011291 --user=刘瑞斌 [BUG]github#11510ms-node-controlle组件的http请求默认未禁用TRACE/TRACK方法，存在安全风险，请修复 https://www.tapd.cn/55049933/s/1119268

Closes #11510

backend/src/main/java/io/metersphere/config/HTTPSConfig.java

@@ -3,6 +3,8 @@ package io.metersphere.config;
 
 import io.undertow.Undertow;
 import io.undertow.UndertowOptions;
+import io.undertow.server.handlers.DisallowedMethodsHandler;
+import io.undertow.util.HttpString;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
@@ -45,6 +47,11 @@ public class HTTPSConfig {
 //                            .setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT))
 //                    .setConfidentialPortManager(exchange -> httpsPort);
 //        });
+        // 禁用 TRACE 和 TRACK
+        undertowFactory.addDeploymentInfoCustomizers(deploymentInfo -> deploymentInfo.addInitialHandlerChainWrapper(handler -> {
+            HttpString[] disallowedHttpMethods = {HttpString.tryFromString("TRACE"), HttpString.tryFromString("TRACK")};
+            return new DisallowedMethodsHandler(handler, disallowedHttpMethods);
+        }));
         return undertowFactory;
     }