Add authentication to Bertly 2.0's "create" and "destroy" routes, and some config validation.

[DFurnes]

What's this PR do?

This pull request adds simple header-based authentication to this applications "create link" and "destroy link" routes, so folks can't misrepresent our brand & cause a ruckus. I've also added some simple runtime validation for environment variables (so we don't forget to set them).

How should this be reviewed?

I filled in the authentication middleware in 53191d4, and added environment variable validation (powered by @sindresorhus/is) in 3b470cf. I also tidied up our nodemon config since it was getting a little cramped.

Any background context you want to provide?

🔒

Relevant tickets

References Pivotal #172865466.

Checklist

• [ ] This PR has been added to the relevant Pivotal card.
• [ ] Added appropriate feature/unit tests.

[DFurnes]

One more quick update I snagged from my next feature branch – I had used 403 for API key errors, but we use 401 in Bertly's existing APIs and other apps.

I updated this to be consistent in 6e158cc.