Add option to require authentication token for web UI

[raxod502]

When developing on a remote server, testing the webapp in a browser requires you to open traffic to the public Internet. This is obscenely insecure. We should add an environment variable for Riju whose value, if it is present, must be passed in the cookies of every request to Riju. If the cookie is unset or incorrect, we can serve a simple static webpage with some JavaScript that will allow the user to type in the token and set it in their cookies.