Allow authentication via URI query parameter

[SaberStrat]

Currently, alpine-server's AuthenticationFilter checks only for a header X-API-Key for an API key. However, there are use cases for clients that cannot pass a header or only with difficulty.

One such case are SVG badges. More specifically, this would be a requirement for https://github.com/DependencyTrack/dependency-track/issues/3596.

This enhancement suggests allowing an API-key to be passed via URI query parameter instead of a header. I'd gladly submit a PR myself.

Question is, should this be an alternative to the header that's always available, or should this be enabled explicitly?