Vault-4010 Unauthenticated panic when processing "help" requests (#14704)

* fix help panic

* add changelog entry

changelog/14704.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+core: Fix panic for help request URL paths without /v1/ prefix   
+```

http/help.go

@@ -1,7 +1,9 @@
 package http
 
 import (
+	"errors"
 	"net/http"
+	"strings"
 
 	"github.com/hashicorp/vault/helper/namespace"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -31,6 +33,10 @@ func handleHelp(core *vault.Core, w http.ResponseWriter, r *http.Request) {
 		respondError(w, http.StatusBadRequest, nil)
 		return
 	}
+	if !strings.HasPrefix(r.URL.Path, "/v1/") {
+		respondError(w, http.StatusNotFound, errors.New("Missing /v1/ prefix in path. Use vault path-help command to retrieve API help for paths"))
+		return
+	}
 	path := ns.TrimmedPath(r.URL.Path[len("/v1/"):])
 
 	req := &logical.Request{

http/help_test.go

@@ -13,7 +13,11 @@ func TestHelp(t *testing.T) {
 	defer ln.Close()
 	TestServerAuth(t, addr, token)
 
-	resp := testHttpGet(t, "", addr+"/v1/sys/mounts?help=1")
+	// request without /v1/ prefix
+	resp := testHttpGet(t, token, addr+"/?help=1")
+	testResponseStatus(t, resp, 404)
+
+	resp = testHttpGet(t, "", addr+"/v1/sys/mounts?help=1")
 	if resp.StatusCode != http.StatusForbidden {
 		t.Fatal("expected permission denied with no token")
 	}