
feat(auth): include token header for catalog search #1198

Draft
apetersson wants to merge 1 commit into wger-project:master from apetersson:apetersson/auth-only-catalog-endpoints

Conversation

@apetersson

This PR sends auth headers for catalog search API calls that will be auth-required server-side.

Note: This PR has been created with LLM assistance (codex). The change is not very big, but it is necessary for my self-hosted resource protection to prevent DoS.

What changed

  • Add Authorization headers (via existing makeHeader()) to:
    • exercise translation search service
    • ingredient search service

Why

  • Prepares React client for backend change:
    • future wger PR: feat(api): require auth for public catalog endpoints
  • Prevents 403s after backend auth enforcement.

Compatibility

  • Backward compatible with current backend behavior:
    • authenticated requests already work
    • adding header does not break endpoints that still allow anonymous access
  • Safe to merge before backend PR.

Inter-dependency

  • Depends functionally on users being logged in once backend PR is live.
  • Should be merged/deployed before or together with backend auth-enforcement PR to avoid regressions in search UX.

I double-checked wger-flutter, and for the current app flow this should not break.

What I verified:

  • The app only loads main content after auth state is loggedIn:
    • main.dart
    • loggedOut shows the login screen, not the exercise/nutrition screens.
  • Catalog endpoints are called through WgerBaseProvider.fetch(...), which always sends auth.
  • The protected endpoints are used in authenticated providers.
  • UI callers (exercise/ingredient autocompleters) are inside post-login screens.

Conclusion:

  • With current architecture, requiring auth for those catalog endpoints is compatible with wger-flutter.
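
As an added illustration of the compatibility claim above (this is example code, not code from this PR, from the wger React client or from the wger backend): a stand-in for the client's makeHeader() that attaches an Authorization header only when a token exists, a simulated catalog endpoint that can be switched between anonymous access and auth enforcement, and a matrix showing that the header is harmless before enforcement and required after it. The `Token <key>` scheme, the search URL path, the token value and the function names are assumptions.

```javascript
// Added example, not the project's code. Simulates the client/server
// interaction the PR description reasons about, entirely offline.

// Hypothetical stand-in for the client's makeHeader(): the header is only
// attached when a token is present. The "Token <key>" scheme is an assumption.
function buildHeaders(token) {
  const headers = { Accept: 'application/json' };
  if (token) {
    headers.Authorization = `Token ${token}`;
  }
  return headers;
}

// Constructed token store standing in for the backend's token table.
const VALID_TOKENS = new Set(['constructed-token-123']);

// Simulated backend policy for a catalog endpoint. `requireAuth` models the
// future backend change; with it off, anonymous requests still succeed.
function simulateCatalogEndpoint(headers, requireAuth) {
  const auth = headers.Authorization || '';
  const [scheme, key] = auth.split(' ');
  const authenticated = scheme === 'Token' && VALID_TOKENS.has(key);
  if (requireAuth && !authenticated) {
    return { status: 403, body: null };
  }
  return { status: 200, body: { results: [{ name: 'Squat' }] } };
}

// Client-side search service as the PR describes it: headers are always
// built and sent, whether or not the backend currently enforces auth.
// The path is a placeholder, not the real wger endpoint.
function searchCatalog(term, token, requireAuth) {
  const headers = buildHeaders(token);
  const url = `/api/catalog/search/?term=${encodeURIComponent(term)}`;
  return { url, ...simulateCatalogEndpoint(headers, requireAuth) };
}

// The four cases behind "backward compatible" and "prevents 403s":
// header present/absent, enforcement on/off.
function compatibilityMatrix(token) {
  return {
    withHeaderBeforeEnforcement: searchCatalog('squat', token, false).status,
    withHeaderAfterEnforcement: searchCatalog('squat', token, true).status,
    noHeaderBeforeEnforcement: searchCatalog('squat', null, false).status,
    noHeaderAfterEnforcement: searchCatalog('squat', null, true).status,
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(compatibilityMatrix('constructed-token-123'));
}
```

Only the last cell of the matrix changes once enforcement is switched on, which is the case the PR prevents by always sending the header; an invalid token is rejected the same way as a missing one once enforcement is on.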

@rolandgeider
Member

Hi! Would you then block all access to API endpoints that don't send a token in the header?


2 participants