Implement user authentication

[TheJolman]

We don't need to worry about authenticating API calls until this is running in production and being actively used, but when that does happen this should be done.

If this is going to be the go-to hub for club data, unauthenticated access for everyone would be a bad idea.

idea: have a page on the main site for generating API keys. You would have to login with GitHub and maybe have an existing club member verify you? Or maybe there would just be a list of trusted GitHub accounts that you would have to be on somewhere.

[TheJolman]

At this point I'm thinking that discord OAuth is the cleanest solution. It would require:

• Have a discord bot that can read roles in our server
• When making an API request, user gets prompted to login with discord. It then uses this bot the check their roles and determine if they're allowed to make the request

[jaFriend]

Progress being made by this draft pull request.

[TheJolman]

Been doing some research on this. github.com/bwmarrin/discordgo is the most popular discord go library.

So while we could write this this without using a discord bot and just using discord OAuth, I think we should have a bot in the server for this (can be the future capyBot). It doesn't need to do anything, but the discord API will be able to ask it to read the roles in the server. Otherwise when the user logs in with discord the API will have to ask for certain permissions (scary).

• Should be implemented using middleware
• Create and use ENV environment variable so we can skip auth entirely when testing in development.