auth: Fix IsAuthenticated to check context value

The IsAuthenticated function was checking for a "username" field in gRPC metadata, but the setAuthenticated function sets a context value with authenticatedKey{}. This mismatch meant IsAuthenticated would never return true even after successful authentication.

This commit fixes IsAuthenticated to check the context value that is actually set by setAuthenticated during successful token validation.

This is important for the limithandler middleware which uses IsAuthenticated to determine whether to apply unauthenticated rate limits.

Also adds tests for the IsAuthenticated function to verify it correctly identifies authenticated and unauthenticated contexts.