Add authenticate to events api. fix #49255

What does this MR do?

Allow access to /events as the authenticated user if the access token has read_user scope.

Are there points in the code the reviewer needs to double check?

Why was this MR needed?

api scope was required for access, even though the documentation points out that it is not required.

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

• Changelog entry added, if necessary
• Documentation created/updated
• API support added
• Tests added for this feature/bug
• Conform by the code review guidelines
  • Has been reviewed by a UX Designer
  • Has been reviewed by a Frontend maintainer
  • Has been reviewed by a Backend maintainer
  • Has been reviewed by a Database specialist
• Conform by the merge request performance guides
• Conform by the style guides
• Conform by the database guides
• If you have multiple commits, please combine them into a few logically organized commits by squashing them
• Internationalization required/considered
• End-to-end tests pass (package-and-qa manual pipeline job)

What are the relevant issue numbers?

#49255 (closed)