Open
Description
The ApplicationEndpoints need to be locked down so that they can be called only by Authorized identities.
The Webhook API endpoints also need to be locked down.
I think an EntraGroup called "AdminApiConsumers" that has:
- The Managed Identities of: The main Application, and the Webhook Receiver functions.
- ONE OF my identities.
The API app must return a 401/403 response to any request coming from something not in that Entra group.
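One way to express the 401/403 rule above, as an added example that is not code from this repository: the status decision over the claims of an already validated Entra access token. It assumes the token is configured to carry a `groups` claim of group object IDs; the group ID is a constructed placeholder and `lookup_membership` is a hypothetical callback for the group-overage case, where the token omits `groups`.

```python
from http import HTTPStatus

# Constructed placeholder for the object ID of the "AdminApiConsumers" group.
ADMIN_GROUP_ID = "00000000-0000-0000-0000-0000000000aa"


def has_group_overage(claims):
    """True when the token omits `groups` because the caller is in too many groups."""
    flagged = str(claims.get("hasgroups", "")).lower() == "true"
    return flagged or "groups" in (claims.get("_claim_names") or {})


def authorize(claims, lookup_membership=None):
    """Return the HTTP status for a request.

    claims: claims of a token whose signature, issuer, audience and expiry
            were already verified, or None when no valid token was presented.
    lookup_membership: hypothetical callback (object_id, group_id) -> bool,
            used only when the token signals group overage.
    """
    if claims is None:
        return HTTPStatus.UNAUTHORIZED          # not authenticated: 401
    groups = claims.get("groups")
    if isinstance(groups, list):
        allowed = ADMIN_GROUP_ID in (str(g).lower() for g in groups)
    elif has_group_overage(claims) and lookup_membership and claims.get("oid"):
        allowed = bool(lookup_membership(claims["oid"], ADMIN_GROUP_ID))
    else:
        allowed = False                         # no group evidence: fail closed
    return HTTPStatus.OK if allowed else HTTPStatus.FORBIDDEN


# Constructed sample claim sets (not real tokens).
MEMBER = {"oid": "11111111-1111-1111-1111-111111111111",
          "groups": [ADMIN_GROUP_ID.upper()]}
OUTSIDER = {"oid": "22222222-2222-2222-2222-222222222222",
            "groups": ["00000000-0000-0000-0000-0000000000bb"]}
OVERAGE = {"oid": "33333333-3333-3333-3333-333333333333",
           "_claim_names": {"groups": "src1"}}

if __name__ == "__main__":
    samples = [("no token", None), ("member", MEMBER),
               ("outsider", OUTSIDER), ("overage", OVERAGE)]
    for name, sample in samples:
        print(name, int(authorize(sample)))
```

A caller in the group but over the group-claim limit is rejected with 403 unless a membership lookup is supplied, so the check never passes on missing evidence.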