We don't have any sensitive data, but we do access the file system. On
the off chance that some phishing website decides to try to use
Liberation as an attack vector, prevent access to the API by
unauthorized applications. An API key is generated at each program start
and passed to the front end via the QWebChannel.
A possible explanation for the infrequent CTDs we've been seeing since
adding fast forward is that QWebChannel doesn't keep a reference to the
python objects that it passes to js, so if the object is GC'd before the
front end is done with it, it crashes.
We don't really like QWebChannel anyway, so this begins replacing that
with FastAPI.
