    Fix GraphQlController not logging sessionless user · 39cee0ce
    Stan Hu authored
    Most controllers call `ApplicationController#auth_user` first, which
    ensures that the currently logged-in user will be memoized
    properly. However, controllers such as `GraphQlController` allow
    sessionless access via the `PRIVATE-TOKEN` header. They authenticate
    access via `authenticate_sessionless_user!`.
    
    Since `auth_user` is memoized before `authenticate_sessionless_user!`
    gets to run, `ApplicationController#context_user` relies on a stale
    `auth_user` value if a sessionless user is used. As a result,
    `GraphQlController` erroneously logs that an anonymous user accessed
    an endpoint when an actual user was responsible.
    
    To fix this, we need to update `authenticate_sessionless_user!` so
    that it flushes the memoization of `auth_user` if a sessionless user
    has logged in. Note that we have to be careful not to call
    `current_user` for anonymous users because each attempt will cause a
    Warden reauthentication attempt.
    
    Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/356213
    
    Changelog: fixed
graphql_controller_spec.rb 11.1 KB
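As an added illustration (not the commit's own code, and not GitLab's real `ApplicationController`), the sketch below reproduces the stale memoization the commit message describes and the conditional flush that fixes it. The controller classes, `FakeWarden`, the `TOKEN_USERS` map and the token value are all constructed for the example.

```ruby
# Constructed sketch (not GitLab's code) of the hazard the commit describes:
# `auth_user` is memoized before the PRIVATE-TOKEN check runs, so the request
# context reports "anonymous" for a user who authenticated with a token.
User = Struct.new(:username)
class FakeWarden
  attr_reader :attempts
  def initialize(session_user)
    @session_user, @attempts = session_user, 0
  end
  def authenticate
    @attempts += 1 # every call is a fresh (re)authentication attempt
    @session_user
  end
end

class BaseController
  TOKEN_USERS = { "glpat-EXAMPLE" => User.new("stanhu") }.freeze # constructed
  def initialize(warden, headers)
    @warden, @headers = warden, headers
  end
  def current_user
    @current_user ||= @warden.authenticate # a nil answer is retried every call
  end
  def auth_user
    return @auth_user if defined?(@auth_user)
    @auth_user = current_user
  end
  def context_user
    auth_user ? auth_user.username : "anonymous"
  end
  def handle
    auth_user # an earlier before_action memoizes the (still anonymous) answer
    authenticate_sessionless_user!
    context_user
  end
end

class BuggyController < BaseController
  def authenticate_sessionless_user!
    user = TOKEN_USERS[@headers["PRIVATE-TOKEN"]]
    @current_user = user if user # signed in, but stale @auth_user remains
  end
end

class FixedController < BuggyController
  def authenticate_sessionless_user!
    super
    # Flush the memoized auth_user only when a sessionless user signed in;
    # flushing for anonymous requests would trigger another Warden attempt.
    remove_instance_variable(:@auth_user) if @current_user && defined?(@auth_user)
  end
end
```

`FakeWarden#attempts` makes the second caveat from the commit message observable: the fixed controller still authenticates an anonymous request exactly once.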