Send archiver key as a HTTP header (CVE-2021-35058)
Passing the archiver key as a GET query parameter means it shows up in various uwsgi/server logs. Instead, send it as a HTTP header which should keep it out of all logs.
This will require updating your hyperkitty package to read the key from the header. See hyperkitty!354 (merged).
Fixes hyperkitty#387 (closed)