Fix: Handle missing `Authentication` on queries
Because unauthenticated requests are allowed, we can't expect the
Authentication
to be non-null. We can instead wrap it with an
Optional
to force downstream classes to more safely interact with it.