Currently, the Prometheus metrics are exported via the data panel's port.

It means the metrics can be accessed from the public internet by default.

Although we can configure some rules to block it, this behavior is not
safe by default.

Therefore we need to provide a new address to export the metrics.

My suggestion is to export the metrics on "127.0.0.1:9091". The
configuration is like this:

```
  prometheus:
    export_uri: /apisix/prometheus/metrics
    export_address:
      ip: "127.0.0.1"
      port: 9091
```

If people comment out the `export_address` field, the metrics will be
exported like before.

If people do nothing, the metrics will be exported at a new address,
which is a breaking change but avoids the security risk.

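An added example, not part of the original message or of the project's code: a small audit function that classifies a `prometheus` block by where the metrics endpoint would be reachable, covering the three cases the proposal describes. It uses the field names from the proposal and takes the block as an already-parsed dict; the function name and the sample blocks are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample blocks, using the field names from the proposal above.
PROPOSED_DEFAULT = {"export_uri": "/apisix/prometheus/metrics",
                    "export_address": {"ip": "127.0.0.1", "port": 9091}}
ADDRESS_COMMENTED_OUT = {"export_uri": "/apisix/prometheus/metrics"}
ALL_INTERFACES = {"export_uri": "/apisix/prometheus/metrics",
                  "export_address": {"ip": "0.0.0.0", "port": 9091}}
INTERNAL_NIC = {"export_uri": "/apisix/prometheus/metrics",
                "export_address": {"ip": "10.0.0.5", "port": 9091}}


def audit_prometheus_export(block):
    """Return (severity, message) for a parsed `prometheus` block.

    severity is "ok", "warn" or "high". Hypothetical helper, not an APISIX API.
    """
    uri = block.get("export_uri", "<unset>")
    addr = block.get("export_address")
    if not isinstance(addr, dict):
        # Field absent (commented out) or malformed: the old behaviour applies.
        return ("high", f"{uri} is served on the data port, like before; "
                        "any client that can reach the gateway can read it")
    raw_ip, port = addr.get("ip", ""), addr.get("port")
    try:
        ip = ipaddress.ip_address(str(raw_ip))
    except ValueError:
        return ("high", f"export_address.ip {raw_ip!r} is not an IP literal; "
                        "check the effective bind address by hand")
    if ip.is_loopback:
        return ("ok", f"{uri} is bound to loopback {ip}:{port}")
    if ip.is_unspecified:
        return ("high", f"{uri} is bound to every interface ({ip}:{port})")
    # A specific non-loopback address: exposure depends on that network.
    return ("warn", f"{uri} is bound to {ip}:{port}; confirm that interface "
                    "is not reachable from untrusted networks")


if __name__ == "__main__":
    samples = {"proposed default": PROPOSED_DEFAULT,
               "export_address commented out": ADDRESS_COMMENTED_OUT,
               "all interfaces": ALL_INTERFACES,
               "internal NIC": INTERNAL_NIC}
    for name, block in samples.items():
        severity, message = audit_prometheus_export(block)
        print(f"[{severity:4}] {name}: {message}")
```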