Multiple accounts/API keys with permissions #15

@moltony

Currently, Backup-chan only supports one API key per instance and only one password for the Web UI. Anyone with the password or API key can do anything they want, including destructive actions.

For example, let's say we have a client application whose job is to download backups and nothing else. It doesn't create or delete anything, just scrapes off our instance. If that program has a security issue that allows credentials to be extracted or requests to be altered in some way, someone can easily wipe everything from the instance or whatever. But a program like this doesn't need full administrative access to our instance, so to mitigate this we should be able to create a new API key with read-only permissions.
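One way the requested per-key permissions could be enforced, as an added sketch that is not part of the original issue and is not Backup-chan's code. The permission names, the HTTP-method mapping, and the `KeyStore` class are all hypothetical; keys are stored only as hashes so that a leaked key table does not expose usable credentials.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Hypothetical permission names; the issue does not define any.
READ, WRITE, DELETE = "read", "write", "delete"
# Assumed mapping from HTTP method to the permission a request needs.
METHOD_PERMISSION = {"GET": READ, "HEAD": READ, "POST": WRITE,
                     "PUT": WRITE, "PATCH": WRITE, "DELETE": DELETE}

@dataclass(frozen=True)
class KeyRecord:
    name: str
    digest: str            # SHA-256 of the key; the plaintext is never stored
    permissions: frozenset

class KeyStore:
    def __init__(self):
        self._records = []

    def issue(self, name, permissions):
        """Create a key, keep only its hash, return the plaintext once."""
        key = secrets.token_urlsafe(32)
        digest = hashlib.sha256(key.encode()).hexdigest()
        self._records.append(KeyRecord(name, digest, frozenset(permissions)))
        return key

    def authorize(self, presented_key, method):
        """Return (allowed, reason); unknown keys and methods are denied."""
        needed = METHOD_PERMISSION.get(method.upper())
        if needed is None:
            return False, "unknown method"
        digest = hashlib.sha256(presented_key.encode()).hexdigest()
        for rec in self._records:
            if hmac.compare_digest(rec.digest, digest):  # constant-time compare
                if needed in rec.permissions:
                    return True, f"{rec.name}: {needed} granted"
                return False, f"{rec.name}: {needed} not granted"
        return False, "unknown key"

def demo():
    """The scenario from the issue: a download-only client next to an admin."""
    store = KeyStore()
    admin = store.issue("admin", {READ, WRITE, DELETE})
    downloader = store.issue("download-client", {READ})
    return {
        "downloader GET": store.authorize(downloader, "GET")[0],
        "downloader DELETE": store.authorize(downloader, "DELETE")[0],
        "admin DELETE": store.authorize(admin, "DELETE")[0],
        "unknown key GET": store.authorize("not-a-key", "GET")[0],
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```

With this shape, a key extracted from the download client can still read backups but every write or delete request made with it is refused.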

Labels: enhancement (New feature or request)