@rion18 rion18 commented Nov 26, 2022

Description

According to the official Amazon docs, whenever you set a request authorizer with a specific identity source, such as $request.header.Authorization, and a request comes WITHOUT this identity source, then API Gateway responds with a 401 Unauthorized error.

Motivation and Context

Currently, when doing a request to a function that has an Authorizer attached to it, if the identitySource is not present on the request, then serverless-offline responds with an error 500. I've made the change so it returns a 401 instead.

How Has This Been Tested?

The request-authorizers suite of tests has been updated with a new test case per describe block (this change applies to payload format 1.0, 2.0 with simple response, with headers/query params).

We previously had a test with description "should fail with an Unauthorized error".
Now, we have TWO tests, one with description "should fail with an Unauthorized error when identity source is explicitly not handled" and another one with "should fail with an Unauthorized error when identity source is not present on the request".
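The behaviour described in this pull request, sketched as an added example (not code from the PR or from serverless-offline): every configured identity source is resolved before the authorizer runs, and a missing, null or empty value produces a 401 without invoking the authorizer. The function names, the request shape and the synchronous authorizer callback are assumptions made for illustration.

```javascript
// Added illustration; not serverless-offline's implementation.
// Constructed request shape: { headers: {...}, query: {...} }.

// Resolve one identity source expression against the request.
// Only the header and querystring forms are handled in this sketch.
function resolveIdentitySource(expression, request) {
  const match = /^\$request\.(header|querystring)\.(.+)$/.exec(expression.trim())
  if (!match) {
    throw new Error(`Unsupported identity source: ${expression}`)
  }
  const [, kind, name] = match
  if (kind === 'querystring') {
    return (request.query ?? {})[name]
  }
  // Header names are case-insensitive, so compare in lower case.
  const headers = request.headers ?? {}
  const key = Object.keys(headers).find(
    (k) => k.toLowerCase() === name.toLowerCase(),
  )
  return key === undefined ? undefined : headers[key]
}

// Hypothetical gate placed in front of the authorizer function.
// `authorizer` is a stand-in callback that returns true or false.
function gateRequest(identitySources, request, authorizer) {
  const values = identitySources.map((expr) =>
    resolveIdentitySource(expr, request),
  )
  const missing = values.some((v) => v === undefined || v === null || v === '')
  if (missing) {
    // Fail closed before any authorizer code runs: 401, not 500.
    return {
      authorizerInvoked: false,
      statusCode: 401,
      body: JSON.stringify({ message: 'Unauthorized' }),
    }
  }
  return { authorizerInvoked: true, isAuthorized: Boolean(authorizer(values)) }
}
```
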

@dnalborczyk changed the title from "feature: request authorizers with null identitySource should return 401" to "feat: request authorizers with null identitySource should return 401" on Nov 26, 2022
@dnalborczyk merged commit 48c5a18 into dherault:master on Nov 26, 2022
@dnalborczyk
Collaborator

thank you again @rion18 !! much appreciated!

@rion18
Contributor Author

rion18 commented Nov 26, 2022

My pleasure.

@kohanian
Contributor

@rion18 thanks for fixing this!
