
bearer_auth_middleware

Function bearer_auth_middleware 

pub async fn bearer_auth_middleware(
    req: Request<Body>,
    next: Next,
    expected_token: String,
) -> impl IntoResponse

Axum middleware that validates bearer token authentication.

Extracts the Authorization: Bearer <token> header from incoming requests and validates it against expected_token using constant-time comparison (via subtle::ConstantTimeEq) to prevent timing side-channel attacks.

Returns HTTP 401 with a JSON error body if:

  • The Authorization header is missing
  • The header value is not in Bearer <token> format
  • The provided token does not match the expected token

See spec section 18.10.2.
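
The three rejection cases listed above, as an added std-only sketch that is not this crate's source. The names AuthError, ct_eq, check_bearer and rejection_status are hypothetical, ct_eq stands in for subtle::ConstantTimeEq, and the exact "Bearer " prefix match and empty-token handling are assumptions.

```rust
// Added example, std-only. `AuthError`, `ct_eq`, `check_bearer` and
// `rejection_status` are hypothetical names, not this crate's API.
#[derive(Debug, PartialEq)]
enum AuthError {
    MissingHeader,
    MalformedHeader,
    TokenMismatch,
}

/// Stand-in for subtle::ConstantTimeEq: touches every byte and accumulates
/// the differences, so timing does not reveal the first mismatching position.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false; // only the length is revealed
    }
    let mut diff = 0u8;
    for (x, y) in a.iter().zip(b) {
        diff |= x ^ y;
    }
    std::hint::black_box(diff) == 0
}

/// `header` is the raw Authorization value, or None when the header is absent.
/// Assumptions: the scheme is matched as the exact prefix "Bearer " and an
/// empty token counts as malformed.
fn check_bearer(header: Option<&str>, expected_token: &str) -> Result<(), AuthError> {
    let value = header.ok_or(AuthError::MissingHeader)?;
    let token = value.strip_prefix("Bearer ").ok_or(AuthError::MalformedHeader)?;
    if token.is_empty() {
        return Err(AuthError::MalformedHeader);
    }
    if ct_eq(token.as_bytes(), expected_token.as_bytes()) {
        Ok(())
    } else {
        Err(AuthError::TokenMismatch)
    }
}

/// Every failure maps to 401; None means the request goes on to `next`.
fn rejection_status(result: &Result<(), AuthError>) -> Option<u16> {
    result.as_ref().err().map(|_| 401)
}

fn main() {
    let expected = "constructed-sample-token"; // constructed value
    let good = format!("Bearer {}", expected);
    for h in [None, Some("Basic dXNlcg=="), Some("Bearer nope"), Some(good.as_str())] {
        println!("{:?} -> {:?}", h, rejection_status(&check_bearer(h, expected)));
    }
}
```

The internal error variants exist only for logging and tests; the client sees the same 401 in all three cases, so the response does not disclose which check failed.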