Add API key authentication.

We don't have any sensitive data, but we do access the file system. On
the off chance that some phishing website decides to try to use
Liberation as an attack vector, prevent access to the API by
unauthorized applications. An API key is generated at each program start
and passed to the front end via the QWebChannel.

qt_ui/widgets/map/model/mapmodel.py

@@ -10,6 +10,7 @@ from game import Game
 from game.ato.airtaaskingorder import AirTaskingOrder
 from game.profiling import logged_duration
 from game.server.leaflet import LeafletLatLon
+from game.server.security import ApiKeyManager
 from game.theater import (
     ConflictTheater,
 )
@@ -46,6 +47,7 @@ from .unculledzonejs import UnculledZone
 class MapModel(QObject):
     cleared = Signal()
 
+    apiKeyChanged = Signal(str)
     mapCenterChanged = Signal(list)
     controlPointsChanged = Signal()
     groundObjectsChanged = Signal()
@@ -187,6 +189,10 @@ class MapModel(QObject):
         self._map_center = [ll.latitude, ll.longitude]
         self.mapCenterChanged.emit(self._map_center)
 
+    @Property(str, notify=apiKeyChanged)
+    def apiKey(self) -> str:
+        return ApiKeyManager.KEY
+
     @Property(list, notify=mapCenterChanged)
     def mapCenter(self) -> LeafletLatLon:
         return self._map_center