All endpoints require authentication

[yamcodes]

Describe the bug

based on the specification some endpoints require auth:
https://realworld-docs.netlify.app/specifications/backend/endpoints/#create-article
some don't:
https://realworld-docs.netlify.app/specifications/backend/endpoints/#authentication

however we use a global auth token when it comes to the final openapi.json.

the auth should only be enforced upon the endpoints that need it, and it should be validated via directly via first-party tools and not with a custom checker. meaning, openapi/a validator should be the source of truth for validating the token, once we do that we'll be aligned and the final openapi.json will have tokens enforced only when needed

Reproduction

the repo itself as it is today

System Info

any

Validations

• Read the Contributing Guidelines.
• Check that there isn't already an issue that reports the same bug.
• Check that this is a concrete bug. For Q&A, open a GitHub Discussion.
• The provided reproduction is a minimal reproducible example of the bug.

[Hajbo]

The swagger works with or without auth tokens, we don't protect every endpoint. The articles PR introduces the optional auth too, because the response changes based on if it's an authenticated user or not.
I wonder how these endpoints with optional auth should show up in the openapi spec

[yamcodes]

I'll work on a proposal to tackle this issue after #78