Allow calling xblock_view API with OAuth creds

Description

We have a use case where we need to use the `xblock_view` REST API programatically (with OAuth authentication), but it only supported session authentication. This is a simple change to make it support all the usual API authentication methods.

Then, when testing that, I found that the `xblock_view` would also return all the HTML for the staff debug info / staff modal widgets, which doesn't make sense for typical usage of this API. I tweaked the code that adds that HTML so that if the `hide_staff_markup` context var is set, it won't include the markup. That way, the `xblock_view` API can be called with `?hide_staff_markup=true` and it will be excluded.

*Manual Test instructions (Docker Devstack)*:
1. In lms.env.json in your docker devstack's lms-shell, add "ENABLE_XBLOCK_VIEW_ENDPOINT": true, to the FEATURES: dict, then restart the LMS.
1. Create a test OAuth Application at http://localhost:18000/admin/oauth2_provider/application/add/ (type: confidential, grant type: Resource Owner Password Based)
2. Obtain OAuth access token for your a staff user:
```
curl -X POST -d "client_id={client_id}&client_secret={client_secret}&grant_type=password&username=staff&password=edx" http://localhost:18000/oauth2/access_token/
```
3. Verify that you can access the api with the resulting OAuth access token:
```
curl http://localhost:18000/courses/course-v1:edX+DemoX+Demo_Course/xblock/block-v1:edX+DemoX+Demo_Course+type@html+block@c2f7008c9ccf4bd09d5d800c98fb0722/view/student_view -H 'Authorization: Bearer {access_token}' -v
```
4. Repeat that but with `?hide_staff_markup=true` added to the URL, and note that the resulting HTML is much smaller.

*Notes*:
This is related to #19253, which does the same thing for XBlock handlers, albeit via a different mechanism.

Done

Assignee

Unassigned

Reporter

Open Source Pull Request Bot

Labels

None

Contributor Name

Braden MacDonald

Repo

edx/edx-platform

Customer

Epic Link

None

OSCM Assignee

None

Platform Map Area (Levels 1 & 2)

None

Platform Map Area (Levels 3 & 4)

None

Blended Hour Utilization Percentage

None

edX Theme

None

edX Squad

None

Github Lines Added

57

Github Lines Deleted

19

Priority

Unset