EXT-1423 audit trace merge stream-nb-25-1

[StekPerepolnen]

• EXT-1540 added basic monitoring tests (EXT-1540 added basic monitoring tests #25538)
• EXT-1423 added auth lwtrace (EXT-1423 added auth lwtrace #25924)

Changelog category

• Improvement

Description for reviewers

Problem
The lwtrace endpoints currently requires no authorization.
The lwtrace interface is available through the Developer UI, which is not available for users without MonitoringAllowedSIDs list.
The issue was discovered while adding audit logs. Noticed that we don't populate subject field with the userSID for /trace endpoint.

Limitations of lwtrace
The /trace page is registered as an index page by calling NLwTraceMonPage::RegisterPages(IndexMonPage.Get()). Currently each type of endpoint has its own authorization with significant duplication, but index pages no authorization mechanism, and you cannot assign access rights during registration.

Solution: Adding an index-paged service with handler authorization
New instance of THttpMonIndexService service has been added. It is used to handle index pages that require authorization.
An index page path can be registered as an actor handler with the required permissions specified (currently added only for lwtrace). After authorization, the index page will be processed as before.

Scope
The changes affect only /trace handler and /ydb/core/mon service.

audit log example

2025-09-17T16:58:41.309491Z: {"reason":"Execute","params":"mode=probes","sanitized_token":"ne1CvkBCh5hY2Nlc3N0b2tlbi1lMHRoMDNicjJ5a2pzYWo4OWMSIXVzZXJhY2NvdW50LWUwdHI3OGJjZ2Z6bng0eTQwOXM1Nhp_ChpzZXNzaW9uLWUwdHh6a3RrNzc3MnBudHl6MxAEGl8KGnNlc3Npb24tZTB0bm45YndhbnRrNjV0am1xEAQaPwoZc2VydmljZWFjY291bnQtZTB0aWFtLWNwbBADGiAKHHB1YmxpY2tleS1lMHRwdGNyMjNmMzR2aGdna3gQASoQbXZwLW9pZGMtdGVzdGluZzIMCMHRq8YGELHolZEBOgwIzYmtxgYQxPCOtQFIAloDZTB0.**","remote_address":"2a13:5947:111:20::cc7c:545b","method":"GET","status":"IN-PROCESS","subject":"tenantuseraccount-e0tg829s16770fh6qkha6@as","operation":"HTTP REQUEST","folder_id":"ydbui-e0tydb-testing-nebius-dev-container","url":"/trace","component":"monitoring"}
2025-09-17T16:58:41.322365Z: {"reason":"200 Ok","params":"mode=probes","sanitized_token":"ne1CvkBCh5hY2Nlc3N0b2tlbi1lMHRoMDNicjJ5a2pzYWo4OWMSIXVzZXJhY2NvdW50LWUwdHI3OGJjZ2Z6bng0eTQwOXM1Nhp_ChpzZXNzaW9uLWUwdHh6a3RrNzc3MnBudHl6MxAEGl8KGnNlc3Npb24tZTB0bm45YndhbnRrNjV0am1xEAQaPwoZc2VydmljZWFjY291bnQtZTB0aWFtLWNwbBADGiAKHHB1YmxpY2tleS1lMHRwdGNyMjNmMzR2aGdna3gQASoQbXZwLW9pZGMtdGVzdGluZzIMCMHRq8YGELHolZEBOgwIzYmtxgYQxPCOtQFIAloDZTB0.**","remote_address":"2a13:5947:111:20::cc7c:545b","method":"GET","status":"SUCCESS","subject":"tenantuseraccount-e0tg829s16770fh6qkha6@as","operation":"HTTP REQUEST","folder_id":"ydbui-e0tydb-testing-nebius-dev-container","url":"/trace","component":"monitoring"}

[github-actions]

⚪ 2025-09-29 09:46:12 UTC Pre-commit check linux-x86_64-relwithdebinfo for 5aaed27 has started.
⚪ 2025-09-29 09:46:16 UTC Artifacts will be uploaded here
⚪ 2025-09-29 09:49:24 UTC ya make is running...
🟡 2025-09-29 11:25:18 UTC Some tests failed, follow the links below. Going to retry failed tests...

Test history | Ya make output | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
28304	25786	0	5	2452	61

⚪ 2025-09-29 11:27:40 UTC ya make is running... (failed tests rerun, try 2)
🟢 2025-09-29 11:51:21 UTC Tests successful.

Test history | Ya make output | Test bloat | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
122 (only retried tests)	62	0	0	0	60

🟢 2025-09-29 11:51:29 UTC Build successful.
🟢 2025-09-29 11:51:46 UTC ydbd size 2.1 GiB changed* by +10.3 KiB, which is < 100.0 KiB vs stream-nb-25-1: OK

ydbd size dash	stream-nb-25-1: 96f3383	merge: 5aaed27	diff	diff %
ydbd size	2 272 638 608 Bytes	2 272 649 144 Bytes	+10.3 KiB	+0.000%
ydbd stripped size	480 408 152 Bytes	480 409 624 Bytes	+1.4 KiB	+0.000%

^{*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation}

[github-actions]

⚪ 2025-09-29 09:46:28 UTC Pre-commit check linux-x86_64-release-asan for 5aaed27 has started.
⚪ 2025-09-29 09:46:32 UTC Artifacts will be uploaded here
⚪ 2025-09-29 09:49:40 UTC ya make is running...
🟡 2025-09-29 11:25:28 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet Going to retry failed tests...

Test history | Ya make output | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
14321	14169	0	57	58	37

⚪ 2025-09-29 11:26:43 UTC ya make is running... (failed tests rerun, try 2)
🟡 2025-09-29 11:51:11 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet Going to retry failed tests...

Test history | Ya make output | Test bloat | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
213 (only retried tests)	113	0	16	50	34

⚪ 2025-09-29 11:51:21 UTC ya make is running... (failed tests rerun, try 3)
🟡 2025-09-29 12:17:46 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet

Test history | Ya make output | Test bloat | Test bloat | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
135 (only retried tests)	41	0	13	48	33

🟢 2025-09-29 12:17:54 UTC Build successful.
🟢 2025-09-29 12:18:20 UTC ydbd size 3.7 GiB changed* by +21.7 KiB, which is < 100.0 KiB vs stream-nb-25-1: OK

ydbd size dash	stream-nb-25-1: 96f3383	merge: 5aaed27	diff	diff %
ydbd size	3 954 679 944 Bytes	3 954 702 192 Bytes	+21.7 KiB	+0.001%
ydbd stripped size	1 384 331 248 Bytes	1 384 339 632 Bytes	+8.2 KiB	+0.001%

^{*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation}