Tasks can be submitted without authorization #1201
Description
The pass-through headers used by numtracker are only set if there are any present, and not cleared at the end of a plan. If an authenticated user submits a plan (eg via the CLI) the auth header is set.
If a second unauthenticated user submits a task with none of the required headers, the previous user's auth token is re-used and their credentials are used for authorisation.
To reproduce
$ # Run a plan as an authenticated user
$ blueapi -c tests/system_tests/config.yaml controller run -i cm1234 count '{"detectors": ["det"]}'
$ # Create and submit a task without supplying any headers
$ TASK_ID=$(curl ---json '{"name": "count", "params": {"detectors": ["det"]}, "instrument_session": "cm1234"}' http://localhost:8000/tasks | jq -r '.task_id')
$ curl -X PUT --json '{"task_id": "'$TASK_ID'"}' http://localhost:8000/worker/task