Backup/Config.json rework for API key hardening

What does this MR do and why?

  • Fixes bug where any user could create a server.
  • Fixes bug where any user could gain access to api_secret with shenanigans regarding server imports.
  • Due to some vulnerabilities, needed to completely overhaul backups. This should have actually sped up their process - WHOOHOO
  • Move unzip function to file handler. (Another side effect of what had to be done, but it should be there anyway.)
  • Make functions for backups separate from archive functions in file handler.
  • Create Crafty Settings table in management model
  • Put api_secret in database instead of config file.

How to set up and validate locally

  • Run backups and confirm they work.

  • Upload a zip file and unzip it. Confirm that works. (Zip imports do not use this function; they remained untouched.)

  • Remove api_secret from config.json. Start up Crafty and make sure you can load the page. (If you have API keys you will have to remake them.) I did not preserve existing API key just in case this vulnerability was exploited on user systems.

  • Create a server. Make sure you have permission to do so as a super user and as a normal user, but not as a user who should not have perms. Do this via the webpage and a post request.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

  • Have you checked this doesn't interfere/conflict/duplicate someone else's work?
  • Have you fully tested your changes?
  • Have you resolved any lint issues?
  • Have you assigned a reviewer?
  • Have you applied correct labels?
  • Have you updated CHANGELOG.md?
Edited by Iain Powrie
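
The following is an added example, not code from this merge request or from Crafty. It sketches the pattern the description names: `api_secret` is dropped from `config.json` without being migrated, and a fresh secret is generated in a settings table, so tokens signed with the old secret stop verifying. The table name `crafty_settings`, its columns, the `example_setting` key and the HMAC token format are all assumptions made for illustration.

```python
import hashlib, hmac, json, os, secrets, sqlite3, tempfile

def load_secret(db):
    """Return api_secret from the (assumed) settings table, generating it on first use."""
    db.execute("CREATE TABLE IF NOT EXISTS crafty_settings "
               "(key TEXT PRIMARY KEY, value TEXT NOT NULL)")
    row = db.execute("SELECT value FROM crafty_settings WHERE key = 'api_secret'").fetchone()
    if row is None:
        row = (secrets.token_urlsafe(32),)
        db.execute("INSERT INTO crafty_settings VALUES ('api_secret', ?)", row)
        db.commit()
    return row[0]

def scrub_config(path):
    """Delete api_secret from config.json; True if a value was removed."""
    with open(path) as fh:
        cfg = json.load(fh)
    if "api_secret" not in cfg:
        return False
    del cfg["api_secret"]  # the old value is discarded, not copied to the database
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(cfg, fh, indent=4)
    os.replace(tmp, path)  # atomic swap so a crash cannot leave a half-written config
    return True

def sign(secret, user_id):
    """Hypothetical token format: '<user_id>.<HMAC-SHA256 hex>'."""
    mac = hmac.new(secret.encode(), user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{mac}"

def verify(secret, token):
    user_id, _, mac = token.rpartition(".")
    return hmac.compare_digest(mac, sign(secret, user_id).rpartition(".")[2])

def demo():
    cfg_path = os.path.join(tempfile.mkdtemp(), "config.json")
    with open(cfg_path, "w") as fh:  # constructed sample config
        json.dump({"example_setting": 1, "api_secret": "constructed-old-secret"}, fh)
    old_token = sign("constructed-old-secret", "user-1")  # issued before the change
    db = sqlite3.connect(":memory:")
    removed = scrub_config(cfg_path)
    secret = load_secret(db)
    with open(cfg_path) as fh:
        leftover = json.load(fh)
    return {"removed": removed, "in_config": "api_secret" in leftover,
            "old_token_valid": verify(secret, old_token),
            "new_token_valid": verify(secret, sign(secret, "user-1")),
            "stable": load_secret(db) == secret}
```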
