refactor: Improve auth middleware tests and add build constraints

- Update multiple auth headers test to verify specific expected value
- Add build constraints to limit test support middleware to test/local builds
- Clarify comment about http.Header.Get behavior with multiple headers

Author: nexus49

middleware/auth_test.go

@@ -79,10 +79,10 @@ func TestStoreAuthHeader_WithEmptyAuthHeader(t *testing.T) {
 func TestStoreAuthHeader_MultipleAuthHeaders(t *testing.T) {
 	// Test behavior when multiple authorization headers are present
 	nextHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		// Should get the first/combined value
+		// Should get the first header value since http.Header.Get returns only the first value
 		authFromContext, err := context.GetAuthHeaderFromContext(r.Context())
 		assert.NoError(t, err)
-		assert.NotEmpty(t, authFromContext)
+		assert.Equal(t, "Bearer token1", authFromContext)
 
 		w.WriteHeader(http.StatusOK)
 	})

middleware/test_support/local_middleware.go

@@ -1,10 +1,13 @@
+//go:build test || local
+
 package local_middleware
 
 import (
 	"net/http"
 
 	"github.com/go-jose/go-jose/v4"
 	"github.com/golang-jwt/jwt/v5"
+
 	"github.com/platform-mesh/golang-commons/context"
 )