See https://github.com/GBSL-Informatik/teaching-api/blob/main/src/routes/authConfig.ts.
Need auth for the following features:
- Verify that lockboxes provide the correct API key when trying to open a WS connection.
- Verify that web clients provide the correct client API key when calling an endpoint such as caches/checkAnswer and known players are required.
- Distinguish between (authenticated) player clients and admin clients
We might also need to introduce multiple API keys: the lockbox API should have to go out to the public, since changing it is cumbersome.
Could it be useful to introduce passport? The onboarding process could create a session when the correct game key is provided. All subsequent requests could then simply rely on that session. Sessions don't need to be stored in a database - it's fine if we lose them after a server restart.
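A sketch of the three checks listed above (lockbox key on the WS handshake, key-for-session exchange at onboarding, player vs. admin roles) using a plain in-memory session map instead of passport. This is an added example, not code from the teaching-api repository; the key values, the separate admin key, the session lifetime and all function names are assumptions.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

type Role = "lockbox" | "player" | "admin";

// Constructed placeholder keys; real ones would come from the environment.
// One key per role, so the lockbox key never has to ship with the web client.
const API_KEYS: Record<Role, string> = {
  lockbox: "example-lockbox-key",
  player: "example-game-key",
  admin: "example-admin-key", // assumption: admins get their own key
};

// Hash both sides so timingSafeEqual always sees equal-length buffers.
function keyMatches(provided: string, expected: string): boolean {
  const a = createHash("sha256").update(provided).digest();
  const b = createHash("sha256").update(expected).digest();
  return timingSafeEqual(a, b);
}

// Compare against every key without early exit; return the matching role.
function roleForKey(provided: string): Role | null {
  let match: Role | null = null;
  for (const role of Object.keys(API_KEYS) as Role[]) {
    if (keyMatches(provided, API_KEYS[role])) match = role;
  }
  return match;
}

// In-memory store: sessions vanish on restart, which is acceptable here.
const sessions = new Map<string, { role: Role; expires: number }>();
const SESSION_TTL_MS = 8 * 60 * 60 * 1000; // assumed lifetime

// Onboarding: exchange a key for a random session id. Lockboxes get no
// session; they present their key when opening the WS connection.
function onboard(key: string, now = Date.now()): string | null {
  const role = roleForKey(key);
  if (role === null || role === "lockbox") return null;
  const id = randomBytes(32).toString("hex");
  sessions.set(id, { role, expires: now + SESSION_TTL_MS });
  return id;
}

// Per-request check, e.g. caches/checkAnswer would allow ["player", "admin"].
function authorize(id: string, allowed: Role[], now = Date.now()): boolean {
  const s = sessions.get(id);
  if (!s) return false;
  if (s.expires <= now) { sessions.delete(id); return false; }
  return allowed.includes(s.role);
}

// WS handshake check for lockboxes.
const authorizeLockbox = (key: string): boolean => roleForKey(key) === "lockbox";
```

The session id would travel in an HttpOnly cookie or an `Authorization` header; the map lookup replaces sending the game key on every request.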