[BaseController::Authentication] Use :api_includes

Use the new `:lookup_scope` argument for `.authenticate` and
`.lookup_by_identity` to reduce the number of user based queries on
every request.

Author: NickLaMuro

app/controllers/api/base_controller/authentication.rb

@@ -87,7 +87,7 @@ def api_token_mgr
       end
 
       def auth_user(userid)
-        auth_user_obj = User.lookup_by_identity(userid)
+        auth_user_obj = User.lookup_by_identity(userid, lookup_scope: :api_includes)
         authorize_user_group(auth_user_obj)
         validate_user_identity(auth_user_obj)
         User.current_user = auth_user_obj
@@ -154,7 +154,7 @@ def authenticate_with_jwt
 
       def basic_authentication(username, password)
         timeout = ::Settings.api.authentication_timeout.to_i_with_method
-        user = User.authenticate(username, password, request, :require_user => true, :timeout => timeout)
+        user = User.authenticate(username, password, request, :require_user => true, :timeout => timeout, :lookup_scope => :api_includes)
         auth_user(user.userid)
       rescue MiqException::MiqEVMLoginError => e
         raise AuthenticationError, e.message