[PermissionService] Update authenticated user handling #7094

	name: maintenance

	on:
	push:
	branches: [master]
	pull_request:
	branches: [master]

	concurrency:
	cancel-in-progress: true
	group: ${{ github.workflow }}-${{ github.ref_protected && github.run_id \|\| github.event.pull_request.number }}

	permissions: # added using https://github.com/step-security/secure-workflows
	contents: read

	jobs:
	docker_build:
	if: ${{ github.event.type }} == "PullRequest"
	runs-on: ubuntu-latest
	steps:
	# See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
	# configuring harden-runner and identifying allowed endpoints.
	- name: Harden Runner
	uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	*.cloudfront.net:443
	archive.ubuntu.com:80
	auth.docker.io:443
	files.pythonhosted.org:443
	github.com:443
	production.cloudflare.docker.com:443
	public.ecr.aws:443
	pypi.org:443
	registry-1.docker.io:443
	security.ubuntu.com:80
	# For subfolders, currently a full checkout is required.
	# See: https://github.com/marketplace/actions/build-and-push-docker-images#path-context
	- name: Checkout repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	fetch-depth: 0
	- name: Build maintenance image
	run: \|
	deploy/scripts/build.py --components maintenance
	shell: bash
	- name: Image digest
	run: \|
	docker image inspect combine_maint:latest -f '{{json .Id}}'
	shell: bash

Provide feedback