
HPCC-25134 Restrict workunit token use to internal eclservices in cloud

Signed-off-by: Anthony Fishbeck <anthony.fishbeck@lexisnexisrisk.com>
Anthony Fishbeck, 4 years ago
Commit 0e2cc3a6e6
2 changed files with 5 additions and 0 deletions
  1. 4 0
      common/workunit/workunit.cpp
  2. 1 0
      esp/applications/eclservices/esp.yaml

+ 4 - 0
common/workunit/workunit.cpp

@@ -7611,6 +7611,10 @@ bool extractFromWorkunitDAToken(const char * distributedAccessToken, StringBuffe
 //   Throws if unable to open workunit
 wuTokenStates verifyWorkunitDAToken(const char * ctxUser, const char * daToken)
 {
+    #ifdef _CONTAINERIZED
+    if (!queryComponentConfig().getPropBool("@wuTokens", false))
+        return wuTokenInvalid;
+    #endif
     if (isEmptyString(daToken))
     {
         ERRLOG("verifyWorkunitDAToken : Token must be provided");
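Review bot: The new early return at the top of verifyWorkunitDAToken rejects the token silently, while the empty-token branch right below it logs through ERRLOG. When "@wuTokens" is unset or false in a containerized build, every caller gets wuTokenInvalid with nothing in the log to distinguish "token verification disabled for this component" from "token is bad", which makes a misconfigured deployment hard to diagnose. Consider logging a message in the same style as the existing one (naming the function and stating that workunit tokens are not enabled for this component) before returning, and extend the comment block above the function to mention that in _CONTAINERIZED builds the result is always wuTokenInvalid unless the component config sets wuTokens. The default of false is the right fail-closed choice; a short comment saying so would keep someone from flipping it later. Minor style point: the #ifdef/#endif pair is indented with the body, so check that this matches the rest of the file.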

+ 1 - 0
esp/applications/eclservices/esp.yaml

@@ -5,6 +5,7 @@ esp:
    loadDaliBindings: false
    auth: ldap
    tls: true
+   wuTokens: true
    port: 8880
    enableSEHMapping: true
    httpConfigAccess: true
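Review bot: The added wuTokens: true line has no comment explaining what it enables, and it is the only thing that turns workunit token verification on for this component, since the code side defaults to false. Please add a one-line comment stating that it allows verifyWorkunitDAToken to accept workunit tokens and that it should not be copied into other ESP application configs. It is also worth confirming that a key placed at this level of the esp: block is what queryComponentConfig().getPropBool("@wuTokens", false) reads at runtime. If the name or nesting does not match, the lookup falls back to false and token verification stays disabled here without any error.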