Remove API key auth; CORS is sufficient.

The React UI running in a browser can't connect to the backend without
punching a hole for CORS, which isn't done by default. We don't need the
API key to protect from browsers, and anything else running on the
user's machine that can access the backend (that's hosted on only
localhost) already has enough control to do damage without using
Liberation as an attack vector.

https://github.com/dcs-liberation/dcs_liberation

game/server/app.py

@@ -1,4 +1,4 @@
-from fastapi import Depends, FastAPI
+from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
 
 from . import (
@@ -15,14 +15,9 @@ from . import (
     tgos,
     waypoints,
 )
-from .security import ApiKeyManager
 from .settings import ServerSettings
 
-dependencies = []
-if ServerSettings.get().require_api_key:
-    dependencies.append(Depends(ApiKeyManager.verify))
-
-app = FastAPI(dependencies=dependencies)
+app = FastAPI()
 app.include_router(controlpoints.router)
 app.include_router(debuggeometries.router)
 app.include_router(eventstream.router)