feat: Warn when the registry server starts with authentication disabled

[AgentGymLeader]

Add a startup warning when the gRPC registry server is launched with authentication disabled (auth type no_auth).

Why

The registry server accepts control-plane writes such as applying feature views. Materializing those definitions loads user-provided transformation code on the registry host. When authentication is disabled the server accepts these requests unauthenticated, so it is only safe to run inside a trusted network boundary. Today nothing in the startup path signals this to the operator — the only startup logs are info-level TLS/non-TLS messages.

What

• Add _warn_if_auth_disabled(auth_manager_type), which emits a single logger.warning when the auth manager type is NONE.
• Call it from start_server right after the auth type is resolved.
• Add a unit test covering that the warning fires for NONE and stays silent for an authenticated type.

Behavior is unchanged; this only adds an operator-facing warning. This is a defense-in-depth / operator-visibility improvement, not a behavior change.

[suzunn]

I like that this keeps the behavior unchanged and only raises operator visibility. One regression I would add is a thin start_server-level test for the no_auth config path, with the security/server setup calls monkeypatched out. The helper tests prove the warning logic, but a startup-path test would also catch a future refactor that resolves auth_manager_type correctly and then accidentally stops calling _warn_if_auth_disabled before the server is exposed.

[AgentGymLeader]

@suzunn good call — added test_start_server_warns_when_auth_disabled in test_registry_server.py (c199704).

It calls start_server with a no_auth store config and monkeypatches init_security_manager (the step start_server invokes right after auth-type resolution) to assert the no_auth warning has already been emitted, then raises a sentinel to halt before anything binds. So a future refactor that resolves auth_manager_type correctly but stops calling _warn_if_auth_disabled before the server is exposed would fail this test — exactly the startup-path gap you flagged. The helper-level tests still cover the warning logic itself; behavior is otherwise unchanged.