How to protect firebase Cloud Function HTTP endpoint using authenticated id token and database rules?