[reports] Always create AuthorizationCredential directly

Summary:
Noticed this while testing D10931.
For authenticated endpoints this doesnt matter because they're always behind auth middleware.
But for optionally-authenticated endpoints, the request extensions isn't set by the middleware so it's always None.
Using AuthorizationCredential::from_request() also does the extensions check if possible so it's better to call it instead.

Test Plan: Test plan for D10931

Reviewers: michal

Reviewed By: michal

Subscribers: ashoat, tomek

Differential Revision: https://phab.comm.dev/D10932