fix(security): disable reading config params from URL search params (#7697)

Reading configuration parameters from URL search params 
is by default no longer enabled. To re-enable it, set queryConfigEnabled
configuration parameter to true.

Functionally, this is a breaking change, but given we're just providing
a security vulnerability patch we're considering this a PATCH version bump
only.

Refs #4872
Refs https://github.com/swagger-api/swagger-ui/security/advisories/GHSA-qrmm-w75w-3wpx

docker/configurator/variables.js

@@ -23,6 +23,10 @@ const standardVariables = {
     type: "string",
     name: "urls.primaryName"
   },
+  QUERY_CONFIG_ENABLED: {
+    type: "boolean",
+    name: "queryConfigEnabled"
+  },
   LAYOUT: {
     type: "string",
     name: "layout"