Draft: Test apikey support

This MR is a test to change the authentification mechanism that the frontend uses.

The idp access token is now only used to trigger the intial login. It gets an APIKey from the backend, that is then used for all the requests. This has the benefit that the apikey doesn't expire like the token, so in case the problem with the hifis idp to support refresh tokens for single page applications would not be solved, we could have a work around here (and we would also support apikeys in gereral).