Improve X-MS-CLIENT-PRINCIPAL payload parsing and error handling

[yorek]

When working locally and using the X-MS-CLIENT-PRINCIPAL header to simulate an authenticated call, as long as the JSON provided in the header is a correct JSON, no error is raised, even if there are none of the expected elements, as described here: https://learn.microsoft.com/en-us/azure/static-web-apps/user-information?tabs=javascript

For example. this JSON (passed as base64 encoded string) will be accepted without any warning or error:

{"message": "hello world"}

of course, this will not authenticate the request, but there is no way for the developer to know that the request as not been authenticated.

Would be great if we can

1. error or warn if we receive an X-MS-CLIENT-PRINCIPAL that doesn't contain any of the needed information
2. log what role the request has been assigned to

[seantleonard]

#759 added improved parser handling for SWA scenarios:

data-api-builder/src/Service/AuthenticationHelpers/StaticWebAppsAuthentication.cs

Lines 63 to 68 in 7548cc6

	// Null UserRoles collection indicates that SWA authentication failed
	// because all requests will at least have the 'anonymous role'
	if (principal is null || principal.UserRoles is null || !principal.UserRoles.Any())
	{
	return identity;
	}

Issue Resolution Criteria

This can be scoped down to the following tasks for AppService/SWA Auth handlers:

• Improving EasyAuth payload parsing handling to fail when expected.
• Unit/Integration tests to validate correct error handling behavior by the EasyAuth payload parsers.

data-api-builder/src/Service/AuthenticationHelpers/AppServiceAuthentication.cs

Lines 59 to 75 in 7548cc6

	try
	{
	string encodedPrincipalData = header[0];
	byte[] decodedPrincpalData = Convert.FromBase64String(encodedPrincipalData);
	string json = Encoding.UTF8.GetString(decodedPrincpalData);
	AppServiceClientPrincipal principal = JsonSerializer.Deserialize<AppServiceClientPrincipal>(json, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
	identity = new(principal.Auth_typ, principal.Name_typ, principal.Role_typ);
	if (principal.Claims != null)
	{
	foreach (AppServiceClaim claim in principal.Claims)
	{
	identity.AddClaim(new Claim(type: claim.Typ, value: claim.Val));
	}
	}
	}