Fix race condition in check_auth

[vlad-ivanov-name]

When a lot of requests arrive roughly at the same time, several requests can enter the critical section where an HTTP request to upstream is made to check the auth provided by the client. This means that potentially thousands of requests can get through to the remote, leading to rate limits and network errors with some remotes.

• Fix the issue by extending the lock region
• Switch mutex to async to avoid blocking runtime
• Improve tracing

commit-id:d44447ef