Skip authentication for rest OPTIONS call

this is required by CORS for unauthenticated pre-flight OPTIONS requests

Closes elastic/elasticsearch#234

Original commit: elastic/x-pack-elasticsearch@c368b2cf27

src/main/java/org/elasticsearch/shield/SecurityFilter.java

@@ -129,7 +129,12 @@ public class SecurityFilter extends AbstractComponent {
 
         @Override
         public void process(RestRequest request, RestChannel channel, RestFilterChain filterChain) throws Exception {
-            filter.authenticate(request);
+
+            // CORS - allow for preflight unauthenticated OPTIONS request
+            if (request.method() != RestRequest.Method.OPTIONS) {
+                filter.authenticate(request);
+            }
+
             filterChain.continueProcessing(request, channel);
         }
     }