Incorporate JWT/access-token as API authentication

[dappsar]

All endpoints must be authenticated to reduce security issues. Since there are two call points: frontend and prompts (Chatizalo functions), it is recommended to have two access tokens. One to be used by the frontend and another for the prompts. These access tokens should be stored in and read from GCP's Secret Manager.

ToDo

• [x] Add libraries (jsonwebtoken, bcryptjs)
• [x] Generate 2 tokens (front and chatizalo), and save them as "FRONTEND_TOKEN" and "CHATIZALO_TOKEN" in Secret Manager
• [x] Add middleware for endpoint validation (separately: front and chatizalo)
• [x] R/W of tokens with Secret Manager (GCP)
• [x] Add token to calls from chatizalo (bdd functions)
• [x] All endpoint must be protected
• [x] Check if there are endpoints that are called from both places (frontend and prompts) for access-token validation.

[dappsar]

Prompt (function): va a tener fijo el token (esto queda en bdd) y con esa llamada al endpoint con access-token. El access-token del promt, queda en secret manager y el backend lee de ahí.

Front lee secret manager y luego llama a backend.