This is necessary to support monitoring clients that are not able to use client-cert-auth, where a firewall provides the necessary protection of the server.
The existing template only allows the metrics entry to be added to auth.conf by defining an allow list of client certs and patterns. This proposed improvement would allow users to instead have allow-unauthenticated:true
In addition, being able to add a generic block to the file would give a way to provide temporary support for future requirements until such time as they are properly supported by the module.

Created PR #849 to provide this level of control.