feat(tokenservice): enhance logging for service token authentication failures and add test for target service mismatch

[alexlovelltroy]

Description

This pull request enhances logging for authentication failures in the service token handler and adds a new test to ensure error messages do not leak sensitive information about target service mismatches. The main changes are grouped into improvements to logging, error handling, and testing.

Logging and error handling improvements:

• Added structured logging for authentication failures in ServiceTokenHandler, including a new helper method logServiceTokenAuthFailure that logs detailed reasons for denial based on the error message content.
• Added additional structured logging for forbidden service token requests, logging relevant request and service details when a request is denied due to validation failure.

Testing improvements:

• Added a new test TestTokenService_ServiceTokenHandler_TargetMismatchReturnsGenericUnauthorized to verify that when a target service mismatch occurs, the response is a generic unauthorized error and does not leak the specific reason in the response body.
• Added the strings package import to service_test.go to support new test assertions.

Checklist

• My code follows the style guidelines of this project
• I have added/updated comments where needed
• I have added tests that prove my fix is effective or my feature works
• I have run make test (or equivalent) locally and all tests pass
• DCO Sign-off: All commits are signed off (git commit -s) with my real name and email
• REUSE Compliance:
  • Each new/modified source file has SPDX copyright and license headers
  • Any non-commentable files include a <filename>.license sidecar
  • All referenced licenses are present in the LICENSES/ directory

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation update

---

For more info, see Contributing Guidelines.