readthedocs.org
55083034 - Use project-scoped temporal tokens to interact with the API from the builders (#10378)

Commit
2 years ago
Use project-scoped temporal tokens to interact with the API from the builders (#10378)

This implements the design document from https://dev.readthedocs.io/en/latest/design/secure-api-access-from-builders.html

- The api.v2 package was converted into a real django app, so we can add models to it.
- A custom API key model was created to hold the relationship of the key with a project
- A `/api/v2/revoke/` endpoint was added to revoke an API key after it has been used.
- The old super-user permission based still works, this is to avoid breaking the builds while we do the deploy, that code can be removed in the next deploy.
- All endpoints use the project attached to the API key to filter the resources
- API keys expire after 3 hours

Closes https://github.com/readthedocs/meta/issues/21