Check/replace legacy API-KEY usage with JWT based check

[nickdos]

Potential candidate (code may not be called anymore so needs checking/debugging):

https://github.com/AtlasOfLivingAustralia/downloads-plugin/blob/develop/grails-app/services/au/org/ala/downloads/DoiService.groovy#L42

Code should not be sending requests directly but rather should use annotations via the ala-security-project plugins.