Fix TokenService always appearing used in Feature Usage (elastic#112263)

This commit adjusts the license checks in `TokenService` so that it does not count as "used" when it checks a token, as this causes a high rate of false positives due to the authentication chain model.

Author: gwbrown

docs/changelog/112263.yaml

@@ -0,0 +1,6 @@
+pr: 112263
+summary: Fix `TokenService` always appearing used in Feature Usage
+area: License
+type: bug
+issues:
+ - 61956

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java

@@ -470,7 +470,7 @@ public static String hashTokenString(String accessTokenString) {
      * verification that the token has not been revoked or is expired.
      */
     void tryAuthenticateToken(SecureString token, ActionListener<UserToken> listener) {
-        if (isEnabled() && token != null) {
+        if (shouldTryRealm() && token != null) {
             decodeToken(token.toString(), true, listener.delegateResponse((l, e) -> {
                 if (isShardNotAvailableException(e)) {
                     l.onResponse(null);
@@ -1964,8 +1964,10 @@ private static String getTokenIdFromDocumentId(String docId) {
         }
     }
 
-    private boolean isEnabled() {
-        return enabled && Security.TOKEN_SERVICE_FEATURE.check(licenseState);
+    private boolean shouldTryRealm() {
+        // Check license without tracking because this is just checking if we should *try* the realm - if this realm doesn't match,
+        // the next realm in the list will be checked, and that's not "using the feature"
+        return enabled && Security.TOKEN_SERVICE_FEATURE.checkWithoutTracking(licenseState);
     }
 
     private void ensureEnabled() {