The `crumbsIssuer` should be accessible (configurable) to anyone (ie: anonymous) even if anonymous read access is disabled as it prevents access to the API for commit hooks that do not require explicit authentication.

For example, in a commit hook that is trying to remotely trigger a build using an authentication token, the commit hook does not require specific username/password authentication.  However, in order to retrieve the necessary CSRF crumb to pass to the POST request, it requires authentication credentials to retrieve it from the `crumbsIssuer` endpoint.

Steps to reproduce:

• disable anonymous access to Jenkins
• try to access the crumbsIssuer endpoint (http://JENKINSHOST/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)