Ensure that ActionListener is called exactly once

This bug was introduced in #36893 and had the effect that
execution would continue after calling onFailure on the the
listener in checkIfTokenIsValid in the case that the token is
expired. In a case of many consecutive requests this could lead to
the unwelcome side effect of an expired access token producing a
successful authentication response.

Author: jkakavas

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java

@@ -1017,8 +1017,7 @@ private void checkIfTokenIsValid(UserToken userToken, ActionListener<UserToken>
         Instant currentTime = clock.instant();
         if (currentTime.isAfter(userToken.getExpirationTime())) {
             listener.onFailure(traceLog("validate token", userToken.getId(), expiredTokenException()));
-        }
-        if (securityIndex.indexExists() == false) {
+        } else if (securityIndex.indexExists() == false) {
             // index doesn't exist so the token is considered invalid as we cannot verify its validity
             logger.warn("failed to validate token [{}] since the security index doesn't exist", userToken.getId());
             listener.onResponse(null);