To get closer to a real-world application, we should implement aspects of access control that show how authentication and authorization are implemented within a Quarkus application. As mentioned here, we should focus on Keycloak for authentication and authorization based on JWT.
There was a PR to add those aspects for our old reference application in the devonfw-microservice repo: devonfw-forge/devonfw-microservices#32

To keep the application as simple as it is now, maybe we can add a new branch for this feature.