Create express middleware function to verify API keys #163

Closed · mwcz opened this issue Feb 12, 2020 · 0 comments · Fixed by #218
Labels: api SPAship API

Comments

mwcz (Contributor) commented Feb 12, 2020

Create an express middleware function that verifies API keys, and apply that function to every express endpoint that needs auth.

Note, https://github.com/spaship/spaship/blob/master/packages/sync-service/lib/db.apikey.js already provides functions for creating, storing, and verifying API keys. This issue is asking for an express middleware function that uses db.apikey.js to enforce API key auth on certain endpoints. The function getUserByKey is the best one to use for validating that an incoming API key is valid.

It should work something like this:

  1. HTTP request comes in
  2. If no Authorization header, return 401
  3. If Authorization header exists and is of the form Authorization: APIKey MY_API_KEY then get the value of MY_API_KEY and pass it into db.apikey.getUserByKey("MY_API_KEY") to determine if it's a valid key. Proceed to step 6.
  4. If Authorization header exists and is of the form Authorization: Bearer MY_TOKEN then get the value of MY_TOKEN and validate it with a JWT validation library.
    1. If the token is valid, take the sub property (we treat this property as a UUID for users) and pass it into db.apikey.getKeysByUser(sub) and proceed to step 6.
  5. If Authorization header exists but is not of the form Authorization: APIKey MY_KEY or Authorization: Bearer MY_TOKEN, then return a 403
  6. If the function returns a non-empty array, allow the request to proceed (by passing through to the next middleware function). If it returns an empty array, return a 403.

Todo: determine which endpoints need auth.
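
The six steps above, written out as an Express-style middleware. This is an added example, not SPAship's code or the code that closed the issue: `db` (standing in for `lib/db.apikey.js`, with `getUserByKey` and `getKeysByUser` as described) and `verifyJwt` (standing in for a JWT library that throws on an invalid token) are injected parameters, and the in-memory records and tokens at the bottom are constructed so the middleware can be exercised without Express or a database. The issue does not say what to return for a Bearer token that fails validation; treating it as a 403, the same as an unknown key, is an assumption made here.

```javascript
// Added example (not the project's code): Express-style middleware following the
// steps in the issue. `db` and `verifyJwt` are injected so it runs offline.

function createApiKeyAuth({ db, verifyJwt }) {
  return async function apiKeyAuth(req, res, next) {
    const header = req.headers && req.headers.authorization;

    // Step 2: no Authorization header at all -> 401.
    if (!header) return res.status(401).send("Authorization header required");

    // Accept exactly "<scheme> <credential>"; anything else is malformed (step 5).
    const match = /^(\S+)\s+(\S+)$/.exec(header.trim());
    if (!match) return res.status(403).send("Malformed Authorization header");
    const [, scheme, credential] = match;

    let keys;
    try {
      if (/^apikey$/i.test(scheme)) {
        // Step 3: look the key up directly (HTTP auth schemes are case-insensitive).
        keys = await db.getUserByKey(credential);
      } else if (/^bearer$/i.test(scheme)) {
        // Step 4: validate the JWT; verifyJwt is assumed to throw on a bad
        // signature or expiry. Step 4.1: `sub` is the user UUID.
        const claims = verifyJwt(credential);
        if (!claims || typeof claims.sub !== "string") {
          return res.status(403).send("Token has no subject");
        }
        keys = await db.getKeysByUser(claims.sub);
      } else {
        // Step 5: some other scheme (Basic, Digest, ...).
        return res.status(403).send("Unsupported authorization scheme");
      }
    } catch (err) {
      // Invalid token or lookup failure: same generic 403 as an unknown key,
      // so the response does not reveal which check failed (assumption).
      return res.status(403).send("Invalid credentials");
    }

    // Step 6: a non-empty array means the caller is known; otherwise 403.
    if (Array.isArray(keys) && keys.length > 0) return next();
    return res.status(403).send("Forbidden");
  };
}

// --- Constructed stand-ins so the example runs without Express or a database ---

// Mimics the shape assumed for db.apikey.js: records of key -> owning user.
const fakeDb = {
  records: [
    { key: "key-abc", user: "11111111-2222-3333-4444-555555555555", label: "ci" },
  ],
  async getUserByKey(key) {
    return this.records.filter((r) => r.key === key);
  },
  async getKeysByUser(sub) {
    return this.records.filter((r) => r.user === sub);
  },
};

// Stand-in for a JWT library: two constructed tokens decode, everything else throws.
function fakeVerifyJwt(token) {
  if (token === "good-token") return { sub: "11111111-2222-3333-4444-555555555555" };
  if (token === "orphan-token") return { sub: "99999999-0000-0000-0000-000000000000" };
  throw new Error("invalid signature");
}

// Drives the middleware with a fake req/res. Returns "next" if the request was
// allowed through, otherwise the HTTP status code that was sent.
async function run(authHeader) {
  const apiKeyAuth = createApiKeyAuth({ db: fakeDb, verifyJwt: fakeVerifyJwt });
  const req = { headers: authHeader === undefined ? {} : { authorization: authHeader } };
  const res = {
    statusCode: 200,
    status(code) { this.statusCode = code; return this; },
    send() { return this; },
  };
  let allowed = false;
  await apiKeyAuth(req, res, () => { allowed = true; });
  return allowed ? "next" : res.statusCode;
}

// In a real app the middleware is attached per route:
//   app.get("/api/protected", createApiKeyAuth({ db, verifyJwt }), handler);
(async () => {
  const samples = [undefined, "APIKey key-abc", "APIKey nope", "Bearer good-token",
                   "Bearer orphan-token", "Bearer bad", "Basic dXNlcjpwYXNz", "garbage"];
  for (const h of samples) console.log(JSON.stringify(h), "->", await run(h));
})();
```

Note that a Bearer token that validates but whose `sub` owns no keys (the `orphan-token` case) is refused at step 6 exactly like an unknown API key, which is the behaviour the issue describes for an empty array.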

@mwcz mwcz added the help wanted Extra attention is needed label Feb 12, 2020
@mwcz mwcz removed the help wanted Extra attention is needed label Feb 18, 2020
@npatil9 npatil9 added this to Development In progress in MVP Mar 5, 2020
@mwcz mwcz assigned mwcz and unassigned sayak-sarkar Mar 9, 2020
@npatil9 npatil9 added the api SPAship API label Mar 17, 2020
@npatil9 npatil9 removed this from Development In progress in MVP Apr 8, 2020