Defer multi-delete authorization to handler

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

auth/service.go

@@ -188,6 +188,13 @@ func (s *Service) AuthenticateRequest(r *http.Request) (RequestContext, error) {
 			AuthType:      authType,
 		}, nil
 	}
+	if RequiresHandlerAuthorization(r) {
+		return RequestContext{
+			Authenticated: true,
+			AccessKeyID:   identity.AccessKeyID,
+			AuthType:      authType,
+		}, nil
+	}
 
 	policy, err := s.store.GetAuthPolicy(identity.AccessKeyID)
 	if err != nil {