fix(middleware): guard request.auth access in is_frontend_request

[sentry]

This PR addresses an AttributeError: 'WSGIRequest' object has no attribute 'auth' occurring in src/sentry/middleware/__init__.py within the is_frontend_request function.

Root Cause:
The is_frontend_request function was directly accessing request.auth. While type-hinted for a DRF Request (which has an .auth attribute), it was being called by middleware like access_log_middleware with plain Django WSGIRequest objects. These WSGIRequest objects do not possess an .auth attribute, leading to an AttributeError for requests that are short-circuited (e.g., redirects, internal RPC calls) before DRF authentication can populate the attribute.

Solution:

1. Guard request.auth access: Changed request.auth is None to getattr(request, "auth", None) is None in is_frontend_request. This defensive access prevents the AttributeError by safely checking for the attribute's existence. This aligns with the pattern already used by _get_request_auth in access_log.py.
2. Update type hint: Modified the type hint for the request parameter in is_frontend_request from Request to HttpRequest | Request. This accurately reflects that the function can receive both Django's base HttpRequest and DRF's Request objects, improving type safety and clarity.

This fix eliminates a significant source of handled AttributeError logs (over 31k events) without altering the intended statistical behavior of is_frontend_request.

Legal Boilerplate

Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.

Fixes SENTRY-3VXH