Internal services should be protected and not exposed at deployment time.

As an option also add a way to protect these services using a token defined in the configuration.

@sgotti do you think we can define a token different for every internal service, or an unique token?