pub async fn require_auth(request: Request, next: Next) -> ResponseExpand description
Middleware that validates the bearer token against EMBACLE_API_KEY
The env var is read on every request to allow runtime key rotation
without restarting the server. If the variable is not set, all requests
are allowed through (localhost development mode). If set, requests must
include a matching Authorization: Bearer <key> header.