Per https://www.mediawiki.org/wiki/API:Login#Additional_notes we can verify that some user is logged in (without matching the user name) via assert=user in API requests. This should "prevent leaking IP addresses during editing" work for logged in user on setups that do not support central auth while still allowing for the user (name) to diverge.
AC
- in ForeignApiWritingRepository use assert=user instead of assertuser=<username>
- conditionally send it depending on whether the user is logged in on the client