Ensure there is at most a single pending authorization check per (uid, serviceName) pair at any given time.

[mateusazis]

TODO follow-up from this conversation.

#10566 introduced asynchronous authorization checks. Previously, when there were only synchronous policies, the number of concurrent checks was naturally limited by the number of threads in the fixed-size executor they ran on. Now, the system just spawns new checks as requests come, so this leads to an unbounded number of checks.

This issue is currently mitigated by the fact that most requests should use caching, but we should still improve it for the rest.