Admin endpoints not using authentication

Upon doing this lab at re:Invent 2022, I noticed that admin endpoint for tenant-management (`/api/tenants`) is not using claims for authentication, being exposed. I suggest this being addressed for more become more adequate to how real-life apps would work.