Use API key auth for OTLP in local development

[JamesNK]

Previous PR added API key auth to OTLP endpoint. There is the opportunity to secure the local dev environment by using API key auth and having the host co-ordinate the dashboard and user apps.

This PR:

• Generates a random API key each time the app host is run.
• Passes environment variables to dashboard to enable API key auth, and the expected API key.
• Passes environment variables to ups to add API key header to OTLP requests.
• Can be disabled by passing DOTNET_DISABLE_OTLP_API_KEY_AUTH=true setting to apphost.

Microsoft Reviewers: Open in CodeFlow

[JamesNK]

FYI @martinjt

I've looked at how your https://github.com/practical-otel/opentelemetry-aspire-collector/ works and I believe it will need some changes but should continue to be possible if API key auth is added to the dashboard's OTLP endpoint.

You'll need to:

• Read the API key from the AppHost:OtlpApiKey config setting.
• Pass the API key to collector container as an env var
• Update the config file to include an x-otlp-api-key header to the exporter.
• Consider removing the OTEL_EXPORTER_OTLP_HEADERS env var that is passed to apps. They don't need it if they're talking to the collector.

AppHost:OtlpApiKey config setting won't be present if the feature is disabled.

[martinjt]

Cool, I can do that, I'm assuming thar will be Preview 5?

[JamesNK]

Yes, preview 5.