fix: Fixes auth for forwarded requests for pull queries

[AlanConfluent]

Description

The PR #6665 made HARouting a singleton. Unfortunately, it also kept a reference to the service context rather than using the user-aware context. What this meant is that all forward requests did not provide authentication and failed. This didn't fail in testing because it requires more than two nodes to expose the forwarding failure, since HA makes the request fall back to the fowarder itself. For that reason, I made the routing functional test use auth, which does test the three node case and was able to expose the bug.

Testing done

PullQueryRoutingFunctionalTest with auth.

Reviewer checklist

• Ensure docs are updated if necessary. (eg. if a user visible feature is being added or changed).
• Ensure relevant issues are linked (description should include text like "Fixes #")

[guozhangwang]

Just a very nit question, otherwise LGTM!

[guozhangwang]

I'm curious why we have a makeAdminRequest and makeAdminRequestWithResponse here? Both of them call the same callee. Could we just have one makeAdminRequest that always returns (a potential empty list), and its callers can just ignore the returned value or not?

[AlanConfluent]

Sorry, just noticed your question. I don't think there's a reason to have two separate methods. I agree with you. I'll do a quick followup PR to fix this.

[agavra]

Great detective work figuring this out!

[agavra]

do we have a test trying out a user with no access? that will make sure that we haven't accidentally just changed it to allow all users 😆

[AlanConfluent]

We do have tests elsewhere that test auth for pull queries and check the negative case.