burn-after-reading
Add options to authorize access
In many use cases of this app allowing anyone to post new messages is pretty unnecessary. Blocking public access to posting new messages would also reduce the likelihood of a DoS attack.
Add authorization of some sort to restrict who can post new messages. At the same time it might also be worth restricting read access to the site. Make it fully configurable who can access what, so that sysadmins can tailor the app to their own use case.
E.g. one organisation running it on an intranet could leave it open to anyone, because they rely on access to the intranet as the authorization. Another organisation wants to use it to send passwords or other secrets to their clients, so they leave read open and restrict write to people within their organisation.
This might be easier to leave to nginx or whichever server is hosting the application.
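As an added example of the reverse-proxy approach suggested above (not configuration shipped with burn-after-reading), this nginx snippet keeps reads public and requires HTTP basic auth for any write method; the upstream address, hostname, certificate and htpasswd paths are placeholders:

```nginx
# Added example, not part of the burn-after-reading project.
# Assumption: the app listens on 127.0.0.1:8080 behind this nginx instance.
limit_req_zone $binary_remote_addr zone=bar_write:1m rate=10r/m;

server {
    listen 443 ssl;
    server_name secrets.example.org;                    # placeholder hostname
    ssl_certificate     /etc/nginx/tls/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/privkey.pem;     # placeholder path

    location / {
        # GET/HEAD stay open so a recipient can read a message they were sent.
        # Every other method (POST to create a message, etc.) must carry valid
        # basic-auth credentials, i.e. come from someone inside the organisation.
        limit_except GET HEAD {
            auth_basic           "burn-after-reading: senders only";
            auth_basic_user_file /etc/nginx/bar.htpasswd;   # placeholder path
        }

        # Throttle message creation per client address to blunt the DoS
        # concern mentioned in the issue; reads are not rate limited here.
        limit_req zone=bar_write burst=5 nodelay;

        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host            $host;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
    }
}
```

For the intranet-only variant, replace the auth_basic lines inside limit_except with `allow <intranet-range>; deny all;`, and to lock reads down as well, move the auth directives out of limit_except to the location level.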