Add basic authentication for MX interacting with /incoming

Part of #8829 (closed), and related to: #8828 (closed) and #8818 (closed)

We need a authentication system so we ensure only MX can PUT incoming docs into /incoming.

Changes that need to be made:

• allow requests to /incoming.
• add mx token to soledad server config file.
• restrict requests to /incoming to mx user.
• if user is mx, check token against value in config file.
• add documentation on how auth system works.
• create an issue to add token to mx config file: leap_mx#8664 (closed)