add api-key gated delete operation

[mwestphall]

• Add a new column to the API key table for "is allowed to modify the database"
• Add a new api-key gated endpoint

Relying solely on API-key based security for DB modification permissions is a little bit lax, we will likely want to reconsider this in the future