Support Impersonation for GQL Backends

We would like to be able to pass user supplied tokens to our gql backends via the standard authorization http header. Current implementation of upstream crednetials overwrites all outgoing auth headers with the upstream token. Without an upstream credentials defined, we are unable to pass introspection.