How about configure security.http to allow different HTTP methods for different URLs? #13790

@kiddingbaby

Hi Hugo team and community, I'm currently trying to fine-tune the security.http settings in my hugo.yaml, and I want to define rules as follows:

  1. Allow GET requests to all URLs (.*)
  2. Allow POST requests only to a specific URL, e.g., https://<third-party integration services>/api/xxx
  3. Block POST requests to everything else

Like this:

security:
  http:
    - mediaTypes: null
      methods: ["(?i)GET"]
      urls: [".*"]

    - mediaTypes: null
      methods: ["(?i)POST"]
      urls:
        - ^https://other-api\.example\.com/.*

The current security.http config format seems to only accept a map.

Is there a way (current or planned) to support different HTTP methods for different URL patterns in security.http?
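
An added example, not part of the original issue and not Hugo's own code: it contrasts a single method list plus a single URL list (an assumed model of the map form, with each list checked independently) against the per-rule list proposed above, using the patterns from the issue. `Rule`, `AllowedFlat`, `AllowedRules` and the sample URLs are hypothetical names and constructed values.

```go
package main

import (
	"fmt"
	"regexp"
)

// Rule is a hypothetical policy entry with one method pattern and one URL
// pattern (the issue's lists are reduced to single patterns for brevity).
type Rule struct{ Method, URL *regexp.Regexp }

func rule(method, url string) Rule {
	return Rule{regexp.MustCompile(method), regexp.MustCompile(url)}
}

// AllowedFlat models the map form: one method allowlist and one URL
// allowlist, each checked without reference to the other.
func AllowedFlat(r Rule, method, url string) bool {
	return r.Method.MatchString(method) && r.URL.MatchString(url)
}

// AllowedRules models the list form asked for in the issue: a single rule
// must match both method and URL; no matching rule means deny.
func AllowedRules(rules []Rule, method, url string) bool {
	for _, r := range rules {
		if AllowedFlat(r, method, url) {
			return true
		}
	}
	return false
}

// Constructed policies using the patterns from the issue.
var (
	Flat  = rule(`(?i)GET|POST`, `.*`)
	Rules = []Rule{
		rule(`(?i)GET`, `.*`),
		rule(`(?i)POST`, `^https://other-api\.example\.com/.*`),
	}
)

func main() {
	for _, u := range []string{
		"https://other-api.example.com/api/xxx", // constructed sample URLs
		"https://elsewhere.example.org/hook",
	} {
		fmt.Printf("POST %s flat=%v rules=%v\n", u,
			AllowedFlat(Flat, "POST", u), AllowedRules(Rules, "POST", u))
	}
}
```

Under the flat model, enabling POST at all enables it for every URL the URL list admits, which is the gap the per-rule form closes.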
