WS-2449: Use cookie auth for UAS instead of Authorization header

[elvinasv]

Resolves JIRA: https://bbc.atlassian.net/browse/WS-2449

Summary

• Use cookie based auth (where ckns_atkn is attacked to the request) instead of authorization header

Code changes

• List key code changes that have been made.

Testing

1. List the steps required to test this PR.

Useful Links

• Coding Standards
• Repository use guidelines
• Add Links to useful resources related to this PR if applicable.

[Copilot]

Pull request overview

Updates the UAS client authentication approach to rely on cookie-based auth rather than sending an Authorization bearer token header.

Changes:

• Removes reading ckns_atkn from js-cookie and stops constructing Authorization / X-Authentication-Provider headers.
• Keeps X-API-Key header generation and tightens the missing-config error to only cover the API key.

[Copilot]

This change removes the Authorization / X-Authentication-Provider headers, but existing UAS request tests still assert those headers and also assert an error when the ckns_atkn cookie is missing. With cookie-based auth, these expectations should be updated (e.g. only assert X-API-Key, and remove/replace the cookie-missing error case) so CI reflects the new authentication mechanism.

[Copilot]

The file is named getAuthHeader.ts but the exported function is getAuthHeaders. Consider renaming either the file or the function so singular/plural naming is consistent and easier to discover via imports/search.

[Copilot]

The thrown error is fairly generic; including the env var name (SIMORGH_UAS_PUBLIC_API_KEY) in the message would make misconfiguration easier to diagnose from logs.

Suggested change

	throw new Error('Missing UAS public API key');
	throw new Error(
	'Missing required environment variable: SIMORGH_UAS_PUBLIC_API_KEY',
	);