Make webapp API work with API keys

[anthonygego]

Currently the webapp API requires users to login and client to keep the session cookie and send it back for each HTTP request. This login process will fail with some authentication methods such as the recently added SAML2, which require serveral web redirections...

A better way to handle this is to work with API keys and let users define the applications that are allowed to access their profile.

Another interesting feature would be to handle anonymous submissions (currently done via a plugin) quite the same way.