When trying to set up integration tests for plow protege/plow update, I ran into the problem that apparently on the /v1/artifact/signed-url/<cksum> route, requests without a valid token are not authorized, even for public fields.

Things to do here:

• Adjust backend so that requests for fields without an Authorization header are permitted
• Adjust the logic in plow_cli/src/resolve.rs to not send an Authorization header if the field to be retrieved is public

Looks like this might be doable without backend changes by using the /v1/artifact/signed-url-by-field-hash/<cksum> route.