Conversation

@SkyeYoung
Member

Description

Summary

  • Fix authz-keycloak plugin to use ctx.var.uri instead of ctx.var.request_uri when resolving resources with lazy_load_paths=true, ensuring query parameters are stripped before sending to Keycloak's resource registration endpoint

What's the problem?

When lazy_load_paths=true is enabled, the plugin incorrectly includes query parameters when calling Keycloak's UMA resource registration endpoint (resource_set?matchingUri=true). This causes Keycloak to fail resource matching with "invalid_resource" errors.

For example, a request to /api/items?country=es would send the full URI including query string to Keycloak, which cannot match it against a resource configured with URI /api/items.

What's the solution?

Replace ctx.var.request_uri (path + query string) with ctx.var.uri (path only) when resolving resources. This aligns with Keycloak's official Policy Enforcer behavior which uses request.getRelativePath().

Which issue(s) this PR fixes:

Fixes #12785

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)
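To make the behaviour described above concrete, here is a small Python model of the two nginx variables and of the Keycloak resource lookup. It is an added illustration, not code from the apisix repository or from the authz-keycloak plugin: `nginx_vars` stands in for `ctx.var.request_uri` / `ctx.var.uri`, `FakeKeycloak` is a constructed stand-in for the `resource_set?matchingUri=true` endpoint that only does exact URI matching (real Keycloak also supports pattern matching), and the realm URL is a placeholder. The `uri` query parameter name on the resource_set endpoint and the example resource `/api/items` are taken from Keycloak's UMA protection API and from the PR text respectively.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder endpoint; the plugin takes the real one from its configuration.
RESOURCE_SET_ENDPOINT = "https://keycloak.example/realms/demo/authz/protection/resource_set"


def nginx_vars(raw_request_uri: str) -> dict:
    """Model the two nginx variables the plugin can read.

    request_uri keeps the path and the query string exactly as received;
    uri is the (normalised) path with the query string removed.
    """
    parts = urlsplit(raw_request_uri)
    return {"request_uri": raw_request_uri, "uri": parts.path}


def resource_lookup_url(value: str) -> str:
    """Build the matchingUri lookup the plugin sends when lazy_load_paths=true."""
    return RESOURCE_SET_ENDPOINT + "?" + urlencode({"matchingUri": "true", "uri": value})


class FakeKeycloak:
    """Constructed stand-in for Keycloak's resource_set endpoint (exact match only)."""

    def __init__(self, resources: dict):
        # name -> registered resource URI, e.g. {"items": "/api/items"}
        self.resources = resources

    def match(self, lookup_url: str):
        """Return the matching resource name, or None (the plugin surfaces
        a miss as the invalid_resource error described in the PR)."""
        query = parse_qs(urlsplit(lookup_url).query)
        wanted = query.get("uri", [None])[0]
        for name, registered_uri in self.resources.items():
            if registered_uri == wanted:
                return name
        return None


def resolve_resource_before(vars_: dict, kc: FakeKeycloak):
    """Pre-fix behaviour: path plus query string is sent to Keycloak."""
    return kc.match(resource_lookup_url(vars_["request_uri"]))


def resolve_resource_after(vars_: dict, kc: FakeKeycloak):
    """Post-fix behaviour: only the path is sent, so the registered URI matches."""
    return kc.match(resource_lookup_url(vars_["uri"]))


if __name__ == "__main__":
    kc = FakeKeycloak({"items": "/api/items"})
    req = nginx_vars("/api/items?country=es")
    print("before:", resolve_resource_before(req, kc))  # None -> invalid_resource
    print("after: ", resolve_resource_after(req, kc))   # items
```

Running the block shows that a request carrying `?country=es` fails to resolve with the old variable and resolves to the `items` resource with the new one, while a request without a query string behaves identically in both cases, which is the backward-compatibility point the checklist asks about.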

Development

Successfully merging this pull request may close these issues.

bug: authz-keycloak should omit querystring, so that keycloak authorization works