Send archiver key as an HTTP header (CVE-2021-35058)

legoktm requested to merge legoktm/mailman-hyperkitty:archiver-key into master

Passing the archiver key as a GET query parameter means it shows up in various uwsgi/server logs. Instead, send it as an HTTP header which should keep it out of all logs.

This will require updating your hyperkitty package to read the key from the header. See hyperkitty!354 (merged).

Fixes hyperkitty#387 (closed)
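
For operators cleaning up after this issue, the following added example (not part of the merge request or of either project's code) scans access-log lines for a secret carried in the query string, reports which lines exposed it, and redacts the value. The parameter name `key`, the path `/api/archive`, the log format, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumption: the archiver key travelled in a query parameter named "key".
SECRET_PARAMS = {"key"}
# Request line as found in common/combined access logs: "METHOD target HTTP/x.y"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (redacted_target, leaked_values) for one request target."""
    parts = urlsplit(target)
    leaked, kept = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SECRET_PARAMS and value:
            leaked.append(value)
            value = "REDACTED"
        kept.append((name, value))
    if not leaked:
        return target, leaked
    return urlunsplit(parts._replace(query=urlencode(kept))), leaked

def scan(lines):
    """Redact secrets in log lines; return (clean_lines, numbers of leaking lines)."""
    clean, hits = [], []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        if match:
            target, leaked = redact_target(match.group("target"))
            if leaked:
                hits.append(number)
                line = line[:match.start("target")] + target + line[match.end("target"):]
        clean.append(line)
    return clean, hits

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '127.0.0.1 - - [01/Jun/2021:10:00:00 +0000] "POST /api/archive?key=EXAMPLE-SECRET HTTP/1.1" 200 12',
    '127.0.0.1 - - [01/Jun/2021:10:00:05 +0000] "GET /list/?page=2 HTTP/1.1" 200 5120',
    '127.0.0.1 - - [01/Jun/2021:10:00:09 +0000] "POST /api/archive HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    cleaned, leaking = scan(SAMPLE)
    print("lines exposing the key:", leaking)
    print("\n".join(cleaned))
```

Any line reported here means the key was written to disk in clear text, so the key should be rotated in addition to redacting the logs.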