Kickoff 'Two-legged Auth' with at least one sender

[jimduff-usds]

(Follow-on to #1766)

This ticket is to kick off 'FHIR auth' with one or two senders, probably InBios This ticket is DONE when

• we have switched at least one sender over to FHIR Auth
• we have understood InBios' plan to export data directly from their device, and have worked with them for a way to secure their keys off-device.
• we have coded and tested a mini-example (in a language useful to inbios?) of how to authenticate via our api/token endpoint.

Background info:

@anshulkumar-usds writes:

Joel and I met with InBios yesterday to address some of their onboarding/submission concerns. They mentioned they're not going to be storing any PII data at InBios, and will be relaying testing results from their app directly to RS due to security and privacy considerations. They're also interested in exploring the FHIR authentication model, and are willing to work with us to go through a pilot. Please let me know when you're ready to have an introductory call with them to explore their needs and our capabilities. To start, they just want to learn more about how things will differ from the current process, and what benefits FHIR provides.

[jimduff-usds]

We are doing this with HCA, not inBios.