
BUG: API key does not correctly verify the `user or namespace`—any arbitrary token is accepted across all namespaces.

Open type-checker opened this issue 6 months ago • 1 comment

Bug: API Key Not Validating User or Namespace

Description: The API key mechanism is not properly validating users or namespaces. Currently, any random token is accepted and grants access across all namespaces, regardless of the user or intended permissions.

Steps to Reproduce:

  1. Use any random string as an API key, regardless of whether it has been generated, added to the Oxen server, is present, or is associated with any user or namespace.
  2. Attempt to access resources across various users or namespaces using this token.
  3. Notice that you are granted access to existing repositories and can even create new repositories in any namespace, regardless of ownership or whether the token is valid for that user or namespace.

Expected Behavior

  • The API key should be strictly validated against the associated user and namespace.
  • Only valid, authorized API keys should grant access to their specific namespace.
  • Any invalid or unauthorized token should be rejected with an appropriate error message.

Impact

  • This issue poses a significant security risk, as it allows unauthorized access to resources across all namespaces.

type-checker, Jun 29 '25 10:06
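To make the "Expected Behavior" list above concrete, here is an added example (written for this page, not oxen-server's own code) of the two checks the report asks for: the presented token must resolve to a known user, and that user must be allowed to touch the target namespace. The `TokenStore` type, its `add`/`authenticate` methods, the `Bearer` header shape and the simplification that a user owns exactly the namespace matching their username are all assumptions for the example; the token values are constructed sample data.

```rust
use std::collections::HashMap;

/// Reasons a request is refused before any repository code runs.
#[derive(Debug, PartialEq, Eq)]
pub enum AuthError {
    MissingToken,
    UnknownToken,
    Forbidden { user: String, namespace: String },
}

/// Hypothetical token store: token value -> user that generated it.
/// Assumed shape for this example; not oxen-server's data model.
pub struct TokenStore {
    tokens: HashMap<String, String>,
}

impl TokenStore {
    pub fn new() -> Self {
        TokenStore { tokens: HashMap::new() }
    }

    /// Register a token for a user. A real server would generate the
    /// token itself and hand it to that user once.
    pub fn add(&mut self, token: &str, user: &str) {
        self.tokens.insert(token.to_string(), user.to_string());
    }

    /// Check 1: the token must exist in the store. A random string that
    /// was never issued is rejected here, which is the check the issue
    /// reports as missing.
    pub fn authenticate(&self, authorization: Option<&str>) -> Result<&str, AuthError> {
        let header = authorization.ok_or(AuthError::MissingToken)?;
        let token = header
            .strip_prefix("Bearer ")
            .ok_or(AuthError::MissingToken)?;
        self.tokens
            .get(token)
            .map(String::as_str)
            .ok_or(AuthError::UnknownToken)
    }
}

/// Check 2: the authenticated user may only act inside a namespace they
/// own. Ownership is simplified (assumption) to "namespace == username".
pub fn authorize_namespace(user: &str, namespace: &str) -> Result<(), AuthError> {
    if user == namespace {
        Ok(())
    } else {
        Err(AuthError::Forbidden {
            user: user.to_string(),
            namespace: namespace.to_string(),
        })
    }
}

/// Full request path: Authorization header + target namespace -> the
/// user allowed to proceed, or the error the client should see.
pub fn check_request(
    store: &TokenStore,
    authorization: Option<&str>,
    namespace: &str,
) -> Result<String, AuthError> {
    let user = store.authenticate(authorization)?;
    authorize_namespace(user, namespace)?;
    Ok(user.to_string())
}

/// Constructed sample store with two users (example data only).
pub fn sample_store() -> TokenStore {
    let mut store = TokenStore::new();
    store.add("tok-alice-0001", "alice");
    store.add("tok-bob-0002", "bob");
    store
}

fn main() {
    let store = sample_store();
    // Mirrors the report's steps: a valid token in its own namespace, the
    // same token against another user's namespace, a never-issued token,
    // and no token at all.
    let cases = [
        (Some("Bearer tok-alice-0001"), "alice"),
        (Some("Bearer tok-alice-0001"), "bob"),
        (Some("Bearer any-random-string"), "alice"),
        (None, "alice"),
    ];
    for (auth, ns) in cases {
        println!("{:?} on {ns}: {:?}", auth, check_request(&store, auth, ns));
    }
}
```

Only the first case succeeds; the cross-namespace call fails with `Forbidden` even though the token itself is valid, which is the distinction the report draws between "token is real" and "token is allowed here". The two checks are kept as separate functions so a handler cannot accidentally run the namespace check against an unauthenticated caller.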

@type-checker are you running oxen-server with authentication enabled? It's not enabled by default.

jcelliott, Aug 04 '25 17:08