CRUD handlers use auth dependant types even if auth is not enabled

[infomiho]

Because CRUD handlers are by default private they depend on auth being enabled in their definition.

We could do a couple of things:

• make CRUD handlers public by default if no auth is enabled
• make auth a requirement for using the CRUD feature

EDIT: this might be a case of using the wrong imports e.g. UnauthenticatedQueryDefinition should be used