--disable-api-security does not disable API security
Created by: mtlynch
The change in behavior of the --disable-api-security
introduced in v1.0.1 is unintuitive and breaks user scenarios.
In 1.0.1, if the user passes --disable-api-security
siad requires the user to add an API password. This is confusing because this does not seem to honor the user's request to disable the security measures on the API port; it just applies different security requirements.
This requirement breaks scenarios like Sia via Docker. It is not possible for anything outside of the Docker container to communicate with the container's localhost interface. Even if the user tries to add an API password, it's klunky to script because siad expects the password to be entered by an interactive user rather than as part of a script.