NEX-153: Add separate consumer for previewing, prevent anonymous access to graphql

[vermario]

Link to ticket:

https://wunder.atlassian.net/browse/NEX-153

Link to feature environment:

https://nex-153-next.next-drupal-starterkit.dev.wdr.io/

Changes proposed in this PR:

Currently, following the original setup of next-drupal we are using one consumer in Drupal, which is associated with a role with higher privileges (bypass access control, execute graphql queries)

When doing calls from next.js to Drupal, currently we could decide whether to use authentication (so "becoming" this admin like user) or to call drupal without authentication. When building pages for preview we were using authentication (because we need to preview unpublished nodes, revisions), but when building pages for "normal consumption" we were using anonymous requests.

This meant though that the graphql endpoint needed to be left open for anonymous users, which is definitely not great.

So in this PR:

1. we add a second role (next-api-viewer) that is able to use graphql but has no special permissions in terms of accessing unpublished content)
2. we add a second consumer (with its own id and secret) connected to this new role. Also, we connect the frontend-loginrole to this second consumer, so that it gets only "normal user" privileges.
3. in the frontend, we create two instances of the drupalClient, one for previewing, and one for normal operations, and switch between the two when necessary.
4. we then remove access to the graphql endpoint for anonymous users.

How to test:

Locally, run ./setup.sh , check that:

1. the site builds
2. you are able to preview unpuslished contents

NOTE: login does not work in silta at the moment for unrelated issues