zot
graphql: Apply authorization on /_search endpoint
Describe the bug
Apply authorization for _search endpoint (graphql)
Currently authorization is applied only for dist-spec routes and not for graphql.
On a request context we store the repositories on which a user has read access, and later use them when the user GETs the catalog, for example, to filter out the repos on which he doesn't have access.
Do the same for _search endpoint.
See: https://gqlgen.com/recipes/authentication/
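A sketch of the approach the issue asks for, as an added example that is not zot's own code: an authorization middleware puts the caller's readable repositories into the request context, and the search resolver filters its hits against that set. The names `readableKey`, `WithReadable`, `FilterSearch` and `SearchAs`, the ACL, and the repository names are all hypothetical or constructed; a plain `http.Handler` stands in for the gqlgen resolver.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type readableKey struct{} // hypothetical context key, not zot's own

// WithReadable stores the set of repositories the caller may read.
func WithReadable(ctx context.Context, repos map[string]bool) context.Context {
	return context.WithValue(ctx, readableKey{}, repos)
}

// FilterSearch drops search hits the caller cannot read; with no
// authorization data in the context it returns nothing (fail closed).
func FilterSearch(ctx context.Context, hits []string) []string {
	out := []string{}
	readable, _ := ctx.Value(readableKey{}).(map[string]bool)
	for _, repo := range hits {
		if readable[repo] {
			out = append(out, repo)
		}
	}
	return out
}

// SearchAs sends a constructed request through an authorization middleware
// and a stand-in for the search resolver; credential checks are assumed done.
func SearchAs(user string) string {
	acl := map[string]map[string]bool{"alice": {"team-a/app": true}} // constructed
	index := []string{"team-a/app", "team-b/secret"}                  // constructed
	resolver := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, strings.Join(FilterSearch(r.Context(), index), ","))
	})
	authz := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		name, _, _ := r.BasicAuth()
		resolver.ServeHTTP(w, r.WithContext(WithReadable(r.Context(), acl[name])))
	})
	req := httptest.NewRequest(http.MethodPost, "/_search", nil)
	req.SetBasicAuth(user, "constructed")
	rec := httptest.NewRecorder()
	authz.ServeHTTP(rec, req)
	return rec.Body.String()
}

func main() { fmt.Println(SearchAs("alice"), "|", SearchAs("mallory")) }
```

Because `FilterSearch` treats a missing context value as an empty allow-list, a resolver reached without the middleware returns no repositories rather than all of them.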