Comment 1 for bug 1934039

"required_by_policy" in the API definition just means that this field is used in the policy evaluation.
The default policy rules (defined in the code) assume the auth strategy is keystone, so we cannot drop required_by_policy from the API definition.

If you would like to use "noauth" as the auth strategy, you need to customize the policy rules too so that the policy rules do not refer to project_id (i.e. tenant_id).

If you assume the default policy rules provided by neutron should work with auth_strategy=noauth, it is not our current target.