[keyserver] update claim username responder to take username and password

Summary: logged out clients will be anonymous viewers to the keyserver, so we'll need a username and password to attest that the user is who they say they are

Test Plan: tested in following diff by calling the responder and then using the message from the keyserver to successfully authenticate with identity service

Reviewers: ashoat

Reviewed By: ashoat

Subscribers: tomek

Differential Revision: https://phab.comm.dev/D12258