Add API key protection to example API server

[bhoefle-3dgeo]

Problem Our test instance should be protected with an API key. Currently it is completely open and can be accessed by anyone and also by bulk requests.

Possible solution: Protect the complete API with a key. Key has to be provided with each API request as argument (or similar). This key has not be linked to a user management. Simply, it can be one key (or a list of permutations) that can only be gotten behind a human-machine detection (e.g. CAPTCHA, (QR) code for smartphone, etc.).

Todo:

• [x] Check API key protection options for our API implementation on test server. find technical solution.
• [x] Implement a protected way to get the key (or a permutation of it on a longer list) only by humans. User then uses the key as parameter in the API request.
• [ ] Implement key check on our test instance
• [x] Update documentation where API of example server is used.

[annachiu7]

I don't think key check should be implemented in the tests, as it will expose the secret when tests are updated to github.