Given a list of clinics, all having their own FHIR server, we can suppose a system registry containing all the Endpoints as explained here https://www.hl7.org/fhir/managing.html.
1: How do you authenticate and authorize an actor(a clinic) that wants to query over all the servers from the system registry?
2: What if a patient wants to query his data from multiple servers?
You can't, necessarily. It would depend on the scope of the registry and whether the different endpoints had a shared authentication protocol/service. It's certainly possible for someone to have a registry where all of the end-points did share a common authorization service and even single-sign-on, but it's not something that can be presumed without prior agreement/knowledge of that server/community
Unless one of the servers performs an aggregation function or synchronizes data from the other servers, the only choice is to query each server. This could theoretically be done in parallel. However, it may be desirable/necessary to detect duplicate records from different result sets and filter/merge the results.