create "API key for services" mechanism

[graybeal]

Add mechanism to distinguish API keys for users, from API keys for applications/services.

Maybe add a feature to existing accounts to generate additional API key for applications, or offer a second 'create user' path for applications, or just ask people to create a new account with (APP) in the name.

[graybeal]

The ideal implementation is: (A) add a checkbox that says "Check box if this account is for a public-facing application or service that is accessing the portal via its API?" (I'm using 'the portal' so it applies to BioPortal or any OntoPortal.) (B) If the user checks the box, then keep track of that setting for each user and: (B1) Show a drop-down that asks "What is the type of the application or service that will be accessing the portal?" Give the options 'RedCAP', 'OntoPortal', 'CEDAR deployment', and 'Other (please enter)', with a blank next to Other. (If Other, require the entered text and store that text as the answer; otherwise, show the text from the selected option.) (B2) Also show a line that says "If you are developing this API interface, please review our request rate limits. The content at https://www.bioontology.org/wiki/Annotator_Optimizing_and_Troublehooting is useful to understand practical rate limits for your system's queries."

This feature will help us understand and report on usage of the system, connect with users of the system, and control systems' access to BioPortal (before or after they make too many problematic API calls).

I expect we will manually set the appropriate 'public app' flag and system variable for all the existing users with REDCap in their names, as well as for the CEDAR accounts.