fix(auth): add rh-identity support to authorization middleware

The authorization middleware was missing a case for the rh-identity
authentication module. When using rh-identity auth with access_rules,
the match statement fell through to the default case which raised an
InternalServerError (HTTP 500) on every protected endpoint.

This adds proper handling for AUTH_MOD_RH_IDENTITY that:
- Uses NoopRolesResolver (all authenticated users get the "*" role)
- Applies GenericAccessResolver with configured access_rules
- Falls back to NoopAccessResolver if no access_rules are configured

Without this fix, rh-identity authentication works but authorization
fails silently with 500 errors.

Signed-off-by: Major Hayden <major@redhat.com>

Author: major

src/authorization/middleware.py

@@ -64,6 +64,17 @@ def get_authorization_resolvers() -> Tuple[RolesResolver, AccessResolver]:
                 GenericAccessResolver(authorization_cfg.access_rules),
             )
 
+        case constants.AUTH_MOD_RH_IDENTITY:
+            # rh-identity uses access rules for authorization, but doesn't extract
+            # roles from the identity header - all authenticated users get the "*" role
+            if len(authorization_cfg.access_rules) == 0:
+                return NoopRolesResolver(), NoopAccessResolver()
+
+            return (
+                NoopRolesResolver(),
+                GenericAccessResolver(authorization_cfg.access_rules),
+            )
+
         case _:
             response = InternalServerErrorResponse.generic()
             raise HTTPException(**response.model_dump())