
Strengthen integration

Two modifications to improve UX when things go bad or in case a user (maliciously) tries to access a note from outside the integration. For the latter, a secret API_KEY parameter is introduced in the configuration, and its value is checked against an apikey query parameter on any access to a note.

Note that a standard Authorization: Bearer header was not used, to still allow redirection to a single URL, so that end clients do not need to include that header. In the future, the apikey check could be propagated to other controllers.

Edited by Giuseppe Lo Presti
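
An added example, not part of the merge request or the project's code: one way to check an `apikey` query parameter against a configured `API_KEY` in constant time, and to mask it before the URL is logged, since a secret in the query string otherwise ends up in access logs. The function names, the sample key and the `notes.example` URLs are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample value; in a deployment this comes from the configuration.
API_KEY = "constructed-sample-key"


def check_apikey(url, expected=API_KEY):
    """Return True only if the URL carries exactly one matching apikey parameter."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    supplied = [v for k, v in params if k == "apikey"]
    # Missing or repeated parameter: reject rather than guess which value counts.
    if len(supplied) != 1:
        return False
    # Constant-time comparison so response timing does not reveal matching prefixes.
    return hmac.compare_digest(supplied[0].encode(), expected.encode())


def redact_apikey(url):
    """Return the URL with the apikey value masked, for use in access logs."""
    parts = urlsplit(url)
    params = [(k, "REDACTED" if k == "apikey" else v)
              for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(params)))


def handle_note_request(url):
    """Hypothetical handler: returns (HTTP status, URL as it should be logged)."""
    status = 200 if check_apikey(url) else 403
    return status, redact_apikey(url)
```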
