(PUP-3855) Force invalid environment on request to use check_auth
In previous commits, if a request included an environment which is
invalid, an ArgumentError indicating that the environment is invalid was
returned to the caller. This could be used maliciously by
unauthenticated/unauthorized callers to determine which environments are
valid on the server.
This commit causes uri2indirection to call through to
check_authorization even if the supplied environment on the request was
invalid. If the check_authorization call fails because an environment
restriction was imposed in auth.conf, the caller will now see a generic
"Forbidden request" response with no context about the environment being
invalid, mitigating the information disclosure concern. If the
check_authorization call does not fail but the environment is still
invalid, an ArgumentError indicating that the environment was not found
is still returned to the caller. This ensures for backward
compatibility for cases that the caller is sufficiently authenticated
and authorized.