Open
Labels
enhancement: New feature or request
Description
The authorizer does not support authentication at the moment. A malicious actor with access to the authorizer could submit credential IDs and determine which (if any) are included in the deny list. Another argument for adding authentication is to decrease the authorizer application's attack surface.
Adding authentication support through methods like mutual TLS would marginally increase overhead/request latency (and mayhaps increase attack surface considering the complexities of TLS). Another option is token authentication, but that would require managing another secret (HMAC) or including a third-party library for JWT validation (increased attack surface/supply chain risks).
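The HMAC token option weighed above can be built from the Python standard library alone, with no third-party JWT dependency. The sketch below is an added example, not code from this project; the function names, the `<timestamp>.<mac>` token format, and the 60-second freshness window are all assumptions.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 60  # assumed freshness window, not a project setting


def sign_request(key: bytes, credential_id: str, timestamp: int) -> str:
    """Client side: return '<timestamp>.<hex mac>' bound to this credential ID."""
    msg = f"{timestamp}\n{credential_id}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{timestamp}.{mac}"


def verify_request(key: bytes, credential_id: str, token: str, now: int) -> bool:
    """Authorizer side: True only for a fresh token carrying a valid MAC."""
    ts_text, sep, mac_hex = token.partition(".")
    if not sep or len(ts_text) > 12 or not ts_text.isascii() or not ts_text.isdigit():
        return False
    timestamp = int(ts_text)
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated token
    expected = sign_request(key, credential_id, timestamp).partition(".")[2]
    # Constant-time comparison avoids leaking MAC bytes through timing.
    return hmac.compare_digest(expected.encode(), mac_hex.encode())


def check_deny_list(key, deny_list, credential_id, token, now=None):
    """Return 'unauthenticated', 'denied' or 'allowed'."""
    now = int(time.time()) if now is None else now
    if not verify_request(key, credential_id, token, now):
        # Same answer whether or not the ID is listed, so an
        # unauthenticated caller learns nothing about the deny list.
        return "unauthenticated"
    return "denied" if credential_id in deny_list else "allowed"


if __name__ == "__main__":
    # Constructed sample values for illustration only.
    key = b"0" * 32
    deny_list = {"cred-123"}
    ts = int(time.time())
    token = sign_request(key, "cred-123", ts)
    print(check_deny_list(key, deny_list, "cred-123", token))      # valid token
    print(check_deny_list(key, deny_list, "cred-123", "1.abcd"))   # forged token
```

A token stays replayable inside the freshness window, and the shared key is the extra secret the issue mentions having to manage.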