[bug] Repo images broken when anonymous access is not enabled

[brianphillips]

Describe the bug

When the "Enable anonymous access" setting is disabled, requests to URLs like /_next/image?url=%2Fapi%2F~%2Frepos%2F1%2Fimage&w=32&q=75 return a 400 error with a response body of The requested resource isn't a valid image.. It appears this is because it is proxying to an API route that expects to be made in the typical authenticated session but (presumably) the relevant incoming request headers are not proxied through to the upstream /api/repos/:repoId/image route.

To reproduce

1. Turn the "Enable anonymous access" setting off
2. Observe that requests like GET /api/~/repos/1/image require authentication (i.e. curl http://my-sourcebot-host/api/~/repos/1/image returns a 401)
3. Observe that requests to GET /_next/image?url=%2Fapi%2F~%2Frepos%2F1%2Fimage&w=32&q=75 return a 400 status, regardless of the authentication status of the incoming request

Sourcebot deployment information

Sourcebot version (e.g. v3.0.1): 4.9.0

Additional information

No response