Allow AuthorizationControl to run without Warden

As explained in 36c44a5487, it's not normally good to change production code to make testing easier.
But this tiny change makes it more robust, and enables much simpler specs.

engines/dfc_provider/app/services/dfc_provider/authorization_control.rb

@@ -32,7 +32,7 @@ module DfcProvider
     end
 
     def ofn_user
-      @request.env['warden'].user
+      @request.env['warden']&.user
     end
 
     def decode_token