Temporary auth token for file downloads

[jsun-m]

Add temporary token for authenticating download requests directly from the browser.

Update to AuthMiddleware: Allow pass through for auth middle if authorization token is not specified. This means auth middleware mainly handles parsing and acquisition of user detail rather than authenticating. Authentication is moved to the auth wrappers instead (WithWorkspaceAuth and WithClusterAdminAuth). This was necessary to expose the DownloadFileWithToken to an unauthenticated route