In the first four chapters of this series I've talked about what the Auth Gateway decides. This chapter is about who it decides for. We run a multi-tenant platform. Every request, on every endpoint, belongs to one tenant. Get tenant resolution wrong and you don't have a security incident — you have a cross-tenant data leak incident, which is a category of bad you don't recover from. This chapter is the boring, careful, paranoid story of how NGINX and the Auth Service cooperate to never let a req