Authentication and transport encryption for API
The API should be able to authenticate the client and should mandatorily use TLS.
This could be solved both at once by using certificate fingerprints as client identification. That's not very common, though, so maybe it's too much of a hassle to set up for "normal" admins?
This change needs to be coordinated with corresponding changes in schleuder-conf and webschleuder3.