[#161] Update, secure & namespace the DML Drawings API

[krissy]

Addresses issue: #161

What this does

Check issue #161 for more details on the below tasks

• [x] Update the single drawing API endpoint (e.g. /drawings/xxxx.hal) to closer match the spec
• [x] Update the collection drawings API endpoint (e.g. /drawings.hal) to closer match the spec
• [x] Namespace the API so we access it not from the root URL but from an /api subdirectory. i.e. data.drawmylife.org/drawings.hal changes to data.drawmylife.org/api/drawings.hal.
• [x] Secure the API with simple token auth

Bonus things addressed:

• [x] Say hello to a new dml_id. Make our unique IDs less "data-leaky". I.e. instead of displaying a URL like drawings/13.hal which reveals publicly this is the 13th drawing uploaded, use a random hash ID instead e.g. drawings/324983274.hal. We do this using the obfuscate_id gem.
• [x] Change behaviour of unauthorized access to pages. For the API's sake, return a HTTP response of 401 (i.e. unauthorized to access this page) if someone tries to access an endpoint they aren't allowed to. This also affects hitting an unauthorized page if you browse to a page normally, where I've reverted the action of redirecting to the homepage. (Ideally we'll make custom error pages down the line to handle this nicer)
• [x] On the drawings listing page, removes the ID column (not needed, takes unnecessary space) + makes the user email column not a hyperlink (also wasn't needed, confusing UX).
• [x] Add some test database reset instructions to the README
• [x] Remove .env file from git. We shouldn't be committing this and only the example env files should be tracked in git.

Examples

cURL request with token auth:

  $ curl http://localhost:3000/api/drawings.hal -H 'Authorization: Token token="cd1facb479c09638967c2dcf78d22d5b"'

Screenshots

Singular endpoint:

Collection endpoint, page 1:

Collection endpoint, page 2: