@Zozman Zozman commented Jul 24, 2021

As described in Issue #276, if a user has their instance of Ackee behind a reverse proxy, then it is possible that they might want to handle authentication on the proxy level instead of on the Ackee level. Therefore this PR adds an ACKEE_ANONYMOUS variable that, when set to true, will automatically generate a session when opening the UI instead of prompting the user for credentials. This even makes it possible to run an instance of Ackee without an ACKEE_USERNAME and ACKEE_PASSWORD even set.

vercel bot commented Jul 24, 2021

Someone is attempting to deploy a commit to a Personal Account owned by @electerious on Vercel.

@electerious first needs to authorize it.

@electerious
Owner

Thanks for the PR!

There was already a similar experiment, but we couldn't find a way to protect the UI while keeping the /api endpoint public. ackee-tracker can't track visits when the endpoint isn't public, and a public endpoint without password protection means that everyone can modify and see your data.

#243 (comment)

Author

Zozman commented Jul 24, 2021

Could we mark tokens then to know if they had been generated with or without a password and then only let the /api endpoint's more sensitive operations work if the token was generated with credentials?
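
The token-marking idea raised in the comment above, sketched as an added example (not code from this PR or from Ackee). `createToken`, `authorize` and the operation names are hypothetical; the sketch uses an allow-list, so any operation not explicitly opened to anonymous tokens requires a token issued after a credential check.

```javascript
// Added illustration: all names here are hypothetical, not Ackee's API.
const { randomBytes } = require('crypto')

// Assumption: the only thing an anonymous token may do is submit tracking
// data. Everything else (reading or changing data) is treated as sensitive.
const ANONYMOUS_ALLOWED = new Set([ 'createRecord', 'updateRecord' ])

// Server-side token store: token id -> { withCredentials, expires }.
// The flag is kept here, never inside anything the client can edit.
const tokens = new Map()

// Issue a token and record whether credentials were verified for it.
const createToken = (withCredentials, ttlMs = 60 * 60 * 1000, now = Date.now()) => {
	const id = randomBytes(32).toString('hex')
	tokens.set(id, { withCredentials: withCredentials === true, expires: now + ttlMs })
	return id
}

// Decide whether the request carrying token `id` may run `operation`.
const authorize = (id, operation, now = Date.now()) => {
	const token = tokens.get(id)
	if (token === undefined) return { allowed: false, reason: 'unknown token' }

	if (token.expires <= now) {
		tokens.delete(id)
		return { allowed: false, reason: 'expired token' }
	}

	// Default deny: an operation missing from the allow-list (including one
	// added to the API later) needs a token that was issued with credentials.
	if (token.withCredentials === false && ANONYMOUS_ALLOWED.has(operation) === false) {
		return { allowed: false, reason: 'credentials required' }
	}

	return { allowed: true, reason: 'ok' }
}
```
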
