Adding support for auth tokens for bots #9
Replies: 1 comment
The key benefit this enables is that it makes it possible for users to manage their own datasets without interacting with a Tattle Admin. In the past, the tattle admin has had to be around to ensure that users were using the right token, and the admin was responsible for revoking and generating the tokens. This way individual users (tattle team members but also the general public) could be responsible for managing and adding data to individual datasets without any dependency on a tattle admin. The admin only needs to intervene if a bot starts misbehaving. This is a marginal time-saving win in the context of only tattle members, but as we slowly open the platform to trusted people (academics, researchers) and then the general public, removing this bottleneck of tattle admin dependency will serve us well in getting new users.
A User should be able to generate a token within kosh. This token will be associated with a dataset and this token can be used as an authorization token by any client to add/delete/update Media to kosh.
A reference implementation is GitHub's personal access token.
"Personal access tokens (PATs) are an alternative to using passwords for authentication to GitHub when using the GitHub API or the command line."
User generates a token on GitHub and uses it in their client like this
A setup like this would work great for us; users can then be responsible for generating and managing the token. If a token leaks, they can just revoke it from their account, or a tattle admin can do so too.
Bot tokens should also have strict access control: a bot should not be able to edit or delete Media within datasets or datasets themselves that are not associated with it.
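The dataset-scoped token scheme proposed above, as an added example that is not part of the original discussion and is not kosh's code: a token is bound to one dataset at issue time, only a digest of its secret is stored, the owner or an admin can revoke it, and authorization fails for any other dataset. The `BotTokenStore` class, the `kosh_` prefix, the token layout and the in-memory storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MEDIA_ACTIONS = {"add", "update", "delete"}  # the Media operations named in the post


class BotTokenStore:
    """In-memory stand-in for a token table (hypothetical, not kosh's schema)."""

    def __init__(self):
        self._records = {}  # token_id -> owner, dataset, secret digest, revoked flag

    def issue(self, owner, dataset_id):
        """Create a token bound to one dataset; the plaintext is returned once."""
        token_id = secrets.token_hex(4)
        secret = secrets.token_urlsafe(32)
        self._records[token_id] = {
            "owner": owner,
            "dataset": dataset_id,
            "digest": hashlib.sha256(secret.encode()).hexdigest(),
            "revoked": False,
        }
        return token_id, f"kosh_{token_id}.{secret}"  # "kosh_" prefix is an assumption

    def revoke(self, token_id, actor, is_admin=False):
        """Only the owning user or an admin may revoke a token."""
        rec = self._records.get(token_id)
        if rec is None or not (is_admin or actor == rec["owner"]):
            return False
        rec["revoked"] = True
        return True

    def authorize(self, token, dataset_id, action):
        """Allow a Media action only on the dataset the token was issued for."""
        if not token.startswith("kosh_") or "." not in token:
            return False
        token_id, secret = token[len("kosh_"):].split(".", 1)
        rec = self._records.get(token_id)
        if rec is None or rec["revoked"] or action not in MEDIA_ACTIONS:
            return False
        presented = hashlib.sha256(secret.encode()).hexdigest()
        # Constant-time digest comparison, then the dataset scope check.
        return hmac.compare_digest(presented, rec["digest"]) and rec["dataset"] == dataset_id
```

Because only the digest is kept, a leaked copy of the token table does not yield usable tokens, and revocation takes effect on the next `authorize` call.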