[logging] Log identity as part of API call logging (#14793)

## Change Description

- Adds the username dict to requests during auth checks
- Adds logging of that username dict (if available) during call logging

## Security Assessment

- This change has a medium security impact

### Impact Description

- Makes usernames explicitly visible in the system logs, so admins are
now able to track what individual users are doing or looking at.
- The userdata in request objects should be handled carefully, though it
does not include anything secret (ie nothing which would allow
impersonation if leaked)


(Reviewers: please confirm the security impact before approving)

gear/gear/auth.py

@@ -65,6 +65,7 @@ async def wrapped(request: web.Request) -> web.StreamResponse:
                     if redirect or (redirect is None and '/api/' not in request.path):
                         raise login_redirect(request)
                     raise web.HTTPUnauthorized()
+                request['userdata'] = userdata
                 return await fun(request, userdata)
 
             return wrapped

hail/python/hailtop/hail_logging.py

@@ -63,6 +63,10 @@ def log(self, request, response, time):
             'x_real_ip': request.headers.get("X-Real-IP"),
         }
 
+        userdata_maybe = request.get('userdata', {})
+        userdata_keys = ['username', 'login_id', 'is_developer', 'hail_identity']
+        extra.update({k: userdata_maybe[k] for k in userdata_keys if k in userdata_maybe})
+
         self.logger.info(
             f'{request.scheme} {request.method} {request.path} ' f'done in {time}s: {response.status}',
             extra={**extra, **request.get('batch_telemetry', {})},