Native JS EventSource doesn't support defining headers, so the only way to pass the auth token is via a search/query parameter.
The auth strategy already supports api_key as a query param but considers its content only as a ContextSession and not a potential auth token.
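An added example, not code from this project: a client helper that puts the token in the `api_key` query parameter for `EventSource`, and a server-side extractor that prefers the `Authorization` header and falls back to `api_key`. The function names, the Bearer scheme, the lower-cased header object and the sample URL are assumptions; because the token now travels in the URL, the sketch also masks it before the URL is logged.

```javascript
// Added illustration; every name below is hypothetical, not the project's API.

// Client side: the EventSource constructor accepts only a URL (and
// withCredentials), so the token is sent as the api_key query parameter.
function buildEventSourceUrl(baseUrl, token) {
  const url = new URL(baseUrl);
  url.searchParams.set("api_key", token); // value is form-encoded for us
  return url.toString();
}

// Server side: prefer the Authorization header, fall back to api_key.
// `headers` is assumed to be a plain object with lower-cased keys.
function extractAuthToken(requestUrl, headers = {}) {
  const header = headers["authorization"] || "";
  const match = /^Bearer\s+(\S+)$/i.exec(header);
  if (match) return { token: match[1], source: "header" };
  const fromQuery = new URL(requestUrl).searchParams.get("api_key");
  if (fromQuery) return { token: fromQuery, source: "query" };
  return null; // no credential presented
}

// Query-string tokens are recorded in access and proxy logs, so mask the
// value before the URL is written anywhere.
function redactUrl(requestUrl) {
  const url = new URL(requestUrl);
  if (url.searchParams.has("api_key")) {
    url.searchParams.set("api_key", "REDACTED");
  }
  return url.toString();
}

// Constructed sample values; the token contains characters that need encoding.
const sampleToken = "tok 1+/=";
const sseUrl = buildEventSourceUrl(
  "https://api.example.test/events?channel=a",
  sampleToken
);
// In a browser: const source = new EventSource(sseUrl);
```
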