url-param auth POC

[invaliduser]

the mechanism here is a bit convoluted:

• an interceptor is injected into the chain for the statements path specifically, that removes :credentialID from the :params map, and attaches it to a new key in the :request map: :com.yetanalytics.url-credential-ID. This has to be done here or else lrs will throw a fit credentialID not being in spec
• LRS auth has a clause added that looks for :com.yetanalytics.url-credential-ID in the :request map, and, if it finds it, will query for the actual creds and modify the request so it passes Basic auth. However, I now think I can move this functionality into the interceptor and avoid muddying lrs.clj