fix(auth): allow unauthenticated access to health and version endpoints

The AuthenticationMiddleware was blocking all requests without an
Authorization header, including health and version endpoints that are
needed by monitoring tools, load balancers, and Kubernetes probes.

This commit adds a `require_authentication` parameter to the @webmethod
decorator (defaults to True). Endpoints can opt out of authentication by
setting `require_authentication=False`. The /health and /version endpoints
now use this parameter to allow unauthenticated access.

Changes:
- Add `require_authentication` field to WebMethod dataclass
- Update @webmethod decorator to accept `require_authentication` parameter
- Mark /health and /version endpoints with `require_authentication=False`
- Update middleware to check webmethod.require_authentication dynamically

Closes: #3735

Signed-off-by: Derek Higgins <derekh@redhat.com>

llama_stack/apis/inspect/inspect.py

@@ -73,7 +73,7 @@ class Inspect(Protocol):
         """
         ...
 
-    @webmethod(route="/health", method="GET", level=LLAMA_STACK_API_V1)
+    @webmethod(route="/health", method="GET", level=LLAMA_STACK_API_V1, require_authentication=False)
     async def health(self) -> HealthInfo:
         """Get health status.
 
@@ -83,7 +83,7 @@ class Inspect(Protocol):
         """
         ...
 
-    @webmethod(route="/version", method="GET", level=LLAMA_STACK_API_V1)
+    @webmethod(route="/version", method="GET", level=LLAMA_STACK_API_V1, require_authentication=False)
     async def version(self) -> VersionInfo:
         """Get version.