Add configuration for backend to limit access to public endpoints

[paul121]

The frontend has some basic configuration that allows either OPEN_FARM_REGISTRATION or INVITE_FARM_REGISTRATION. This needs to be reflected on the backend as well, and ideally use the same environment variables for this configuration.

[paul121]

We should write tests for this, too. I'm not sure how possible this will be because the public access is dependent on an environment variable that is read into the core config.

• Perhaps we can simply modify the config value within a pytest test to disable public access, make a request, validate a 401 response, and then re-enable and test that there is public access.
• If there is a need to run tests across different configs we can run the entire test suite for each configuration with the Gitlab CI integration. This might be the best approach, although it makes local testing a bit more difficult as the developer needs to be aware of which config they're running the aggregator with.
• At the very minimum we could default to one config of testing that the pages are NOT accessible publicly.

[paul121]

It would be fairly hard to implement these tests right now. A refactor of the backend tests to inherit from the Starlette test framework would make this much easier. That way, an instance of the app can be prepared for testing unique test cases and configurations. (more info in fastapi/full-stack-fastapi-template#111)

Moving this to the v1.1.0 milestone as this is related to improving integration tests in general.

[paul121]

Upgrading to dependencies before we release v1.0.0 made this possible to implement. Tests now use the FastAPI TestClient which makes it possible to alter the app config for individual tests.