Change unauthenticated responses to be cached in REST API (#24348)

app/controllers/api/base_controller.rb

@@ -6,6 +6,7 @@ class Api::BaseController < ApplicationController
 
   include RateLimitHeaders
   include AccessTokenTrackingConcern
+  include ApiCachingConcern
 
   skip_before_action :store_current_location
   skip_before_action :require_functional!, unless: :whitelist_mode?
@@ -13,6 +14,8 @@ class Api::BaseController < ApplicationController
   before_action :require_authenticated_user!, if: :disallow_unauthenticated_api_access?
   before_action :require_not_suspended!
 
+  vary_by 'Authorization'
+
   protect_from_forgery with: :null_session
 
   content_security_policy do |p|