API access via token in addition to user session

[jheretic]

We need to be able to have API access privileges outside of a logged-in user session, i.e. via an access token:

• [ ] Create data model and schema for API tokens
• [ ] Add API endpoints for managing access tokens
• [ ] Add authorization roles for accessing the API w/ a token
• [ ] Create frontend for managing API tokens

[critzo]

This would be an option to replace or complement the IP whitelisting. More secure for devices to authenticate to murakami-vis