Introduce optional task-level authorization for Execution API #63880

Open
l3tchupkt wants to merge 2 commits into apache:main from l3tchupkt:feature/execution-api-authz

@l3tchupkt

This PR introduces optional task-level authorization checks for the Execution API endpoints (connections, variables, xcoms).

Currently, the Execution API relies on authentication only, which aligns with Airflow’s trusted-user model. This change adds a minimal, optional foundation for resource-level authorization to support future multi-team and multi-tenant use cases.

Key points:

  • Authorization is controlled via ENABLE_EXECUTION_API_AUTHZ (default: False)
  • When disabled, existing behavior is fully preserved
  • When enabled, basic TaskInstance validation is enforced
  • XCom endpoints include additional ownership checks for read/write operations
  • Implementation is intentionally minimal and designed as a foundation for future enhancements

No breaking changes are introduced.
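
A minimal sketch of the flag-gated check the description above outlines, added here as an illustration and not taken from the PR's code. `TaskIdentity`, `authorize_xcom`, the "known running task instance" validation and both ownership rules are assumptions; only the flag name and its default come from the description.

```python
from dataclasses import dataclass

# Flag name and default taken from the PR description.
ENABLE_EXECUTION_API_AUTHZ = False


class Forbidden(Exception):
    """Raised when an authenticated caller may not touch a resource."""


@dataclass(frozen=True)
class TaskIdentity:
    # Hypothetical shape of the identity bound to the caller's token.
    dag_id: str
    run_id: str
    task_id: str


def authorize_xcom(caller, running, target, *, write, enabled=None):
    """Decide whether `caller` may read or write the XCom owned by `target`.

    `running` is the set of task instances the server knows as running
    (constructed below; a real server would query its metadata database).
    """
    if enabled is None:
        enabled = ENABLE_EXECUTION_API_AUTHZ
    if not enabled:
        return "authn-only"  # flag off: authentication only, as before
    # Assumed meaning of "basic TaskInstance validation".
    if caller not in running:
        raise Forbidden("caller is not a known running task instance")
    # Assumed write rule: a task writes only its own XComs.
    if write and caller != target:
        raise Forbidden("a task may only write its own XComs")
    # Assumed read rule: reads stay inside the caller's DAG run.
    same_run = (caller.dag_id, caller.run_id) == (target.dag_id, target.run_id)
    if not write and not same_run:
        raise Forbidden("a task may only read XComs from its own DAG run")
    return "allowed"


# Constructed sample identities, not real Airflow data.
EXTRACT = TaskIdentity("etl", "run_1", "extract")
LOAD = TaskIdentity("etl", "run_1", "load")
OTHER_TEAM = TaskIdentity("billing", "run_9", "export")
RUNNING = {EXTRACT, LOAD, OTHER_TEAM}

if __name__ == "__main__":
    print(authorize_xcom(LOAD, RUNNING, EXTRACT, write=False, enabled=True))
```

With the flag off, every authenticated caller passes regardless of target, which is the existing authentication-only behaviour the description says is preserved.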

@boring-cyborg

boring-cyborg bot commented Mar 18, 2026

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about anything, please check our Contributors' Guide (https://github.com/apache/airflow/blob/main/contributing-docs/README.rst).
Here are some useful points:

  • Pay attention to the quality of your code (ruff, mypy and type annotations). Our prek-hooks will help you with that.
  • In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide. Consider adding an example DAG that shows how users should use it.
  • Consider using Breeze environment for testing locally, it's a heavy docker but it ships with a working Airflow and a lot of integrations.
  • Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
  • Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
  • Be sure to read the Airflow Coding style.
  • Always keep your Pull Requests rebased, otherwise your build might fail due to changes not related to your commits.

Apache Airflow is a community-driven project and together we are making it better 🚀.
In case of doubts contact the developers at:
Mailing List: dev@airflow.apache.org
Slack: https://s.apache.org/airflow-slack

boring-cyborg bot added the area:API (Airflow's REST/HTTP API) and area:task-sdk labels Mar 18, 2026

@potiuk
Member

potiuk commented Mar 18, 2026

I think that would be something that will need to wait for the overall security model discussion for 3.2 - please join our devlist and watch for discussions there. Also I think the best way to start a conversation is to join our dev calls in person and introduce yourself.

https://cwiki.apache.org/confluence/display/AIRFLOW/Regular+Town+Hall++and+Dev+Call

I will convert it to a draft in the meantime

potiuk added this to the Airflow 3.3.0 milestone Mar 18, 2026

@l3tchupkt
Author

@potiuk Thanks for the guidance.

I’ll join the devlist and follow the discussions around the security model. I’ll also try to attend one of the dev calls to better understand the design decisions before updating this further.

Appreciate the direction 👍
