Authentication bypass vulnerability in navidrome's subsonic endpoint in github.com/navidrome/navidrome