[ENH] Add authentication to `/query` route

[alyssadai]

• Closes #322
• See also https://github.com/neurobagel/federation-api/pull/104 for related implementation

Changes proposed in this pull request:

• /query route now expects an authorization token by default
• added logic to verify token using google-auth
• added new optional env vars:
  • NB_QUERY_CLIENT_ID: Client ID of query tool
  • NB_ENABLE_AUTH: Whether or not to enable authentication (will determine if client ID is also checked)
• existing tests of /query route updated to use mock token
• added filters to tests of startup events to suppress the startup warning about unset NB_API_ALLOWED_ORIGINS (when this warning is irrelevant to the test)

Checklist

This section is for the PR reviewer

• [x] PR has an interpretable title with a prefix ([ENH], [FIX], [REF], [TST], [CI], [MNT], [INF], [MODEL], [DOC]) (see our Contributing Guidelines for more info)
• [x] PR has a label for the release changelog or skip-release (to be applied by maintainers only)
• [x] PR links to GitHub issue with mention Closes #XXXX
• [x] Tests pass
• [x] Checks pass

For new features:

• [x] Tests have been added

For bug fixes:

• [ ] There is at least one test that would fail under the original bug conditions.

[coveralls]

Pull Request Test Coverage Report for Build 9965920732

Details

• 105 of 107 (98.13%) changed or added relevant lines in 8 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+0.2%) to 95.927%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
app/api/security.py	18	19	94.74%
tests/test_security.py	26	27	96.3%
<!--	Total:	105	107	98.13%	-->

Totals
Change from base Build 9820579396:	0.2%
Covered Lines:	683
Relevant Lines:	712

---

💛 - Coveralls

[neurobagel-bot[bot]]

:rocket: PR was released in v0.3.0 :rocket: