Fix authentification in BSC/Distconf (#15375)

Author: mregrock

ydb/core/cms/console/console_handshake.cpp

@@ -33,6 +33,7 @@ class TConfigsManager::TConsoleCommitActor : public TActorBootstrapped<TConsoleC
 
     void Bootstrap(const TActorId& consoleId) {
         auto executeRequest = [&](auto& request) {
+            request->Record.SetBypassAuth(true);
             request->Record.MutableRequest()->set_config(MainYamlConfig);
             request->Record.MutableRequest()->set_allow_unknown_fields(AllowUnknownFields);
             Send(consoleId, request.release());

ydb/core/grpc_services/rpc_config.cpp

@@ -156,6 +156,11 @@ class TReplaceStorageConfigRequest : public TBSConfigRequestGrpc<TReplaceStorage
                 return;
             }
         }
+        if (!NKikimr::IsAdministrator(AppData(), Request_->GetSerializedToken())) {
+            self->Reply(Ydb::StatusIds::UNAUTHORIZED, "User is not a database administrator.",
+                  NKikimrIssues::TIssuesIds::ACCESS_DENIED, self->ActorContext());
+            return;
+        }
         self->Become(&TReplaceStorageConfigRequest::StateFunc);
         self->Send(MakeBlobStorageNodeWardenID(ctx.SelfID.NodeId()), new TEvNodeWardenQueryStorageConfig(false)); 
     }