use :only instead of :except callback option in the controller template

As [Security Guide](http://edgeguides.rubyonrails.org/security.html#whitelists-versus-blacklists)
says, it's better to use `before_filter only: []` instead of `except: []`
so we don't forget to turn the filter off for newly added actions.

Author: Francesco Rodriguez

railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb

@@ -4,8 +4,8 @@
 <% end -%>
 <% module_namespacing do -%>
 class <%= controller_class_name %>Controller < ApplicationController
-  before_action :set_<%= singular_table_name %>, except: [ :index, :new, :create ]
-  
+  before_action :set_<%= singular_table_name %>, only: [ :show, :edit, :update, :destroy ]
+
   # GET <%= route_url %>
   # GET <%= route_url %>.json
   def index
@@ -82,7 +82,6 @@ def destroy
     end
   end
 
-
   private
     # Use callbacks to share common setup or constraints between actions.
     def set_<%= singular_table_name %>