Add submission secret
Closed this issue · 0 comments
Currently, all you need to edit a submission is the UUID.
This is mostly fine; it's intended for the barrier to entry to be small (no need to create an account or authenticate). With that said, it's intended for data to be easily added by anyone but not easily deleted by anyone. As it works right now, you can see all submission UUIDs by looking at the network requests, and if you know how the submission UUID is set, or the backend endpoint, you can edit any submission.
The easiest way to reduce this risk while also keeping the barrier to entry low is to add a new field called "submissionSecret". It'd be some randomly generated value (perhaps a UUID) that is returned on the initial submission creation and stored in the user's local storage. After that, the secret will never be shared again via the backend. If the user loses their secret, they can contact an admin who can get the secret using a protected endpoint and direct the user from there.
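
A sketch of the flow proposed above, as an added example that is not code from this project: the secret is returned once at creation, left out of every public read, and required for edits. All function names, the in-memory `Map` store, the status codes and the `isAdmin` flag are assumptions; the secret is drawn from `crypto.randomBytes` rather than being a UUID.

```javascript
// Added example: in-memory stand-in for the backend (all names hypothetical).
const crypto = require("node:crypto");

const submissions = new Map(); // uuid -> { data, submissionSecret }

// Fixed-length digests let timingSafeEqual compare inputs of any length.
const digest = (s) => crypto.createHash("sha256").update(String(s)).digest();
const secretMatches = (given, stored) =>
  crypto.timingSafeEqual(digest(given), digest(stored));

// Creation is the only response that ever carries the secret.
function createSubmission(data) {
  const uuid = crypto.randomUUID();
  const submissionSecret = crypto.randomBytes(32).toString("hex");
  submissions.set(uuid, { data, submissionSecret });
  return { uuid, submissionSecret, data };
}

// Public listing: UUIDs stay visible, secrets are stripped.
function listSubmissions() {
  return [...submissions].map(([uuid, s]) => ({ uuid, data: s.data }));
}

// Edits need the UUID and the matching secret.
function editSubmission(uuid, secret, data) {
  const s = submissions.get(uuid);
  if (!s) return { status: 404 };
  if (typeof secret !== "string" || !secretMatches(secret, s.submissionSecret)) {
    return { status: 403 };
  }
  s.data = data;
  return { status: 200, uuid, data };
}

// Protected recovery path; isAdmin stands in for real admin authentication.
function adminGetSecret(uuid, isAdmin) {
  if (!isAdmin) return { status: 403 };
  const s = submissions.get(uuid);
  return s ? { status: 200, submissionSecret: s.submissionSecret } : { status: 404 };
}
```

On the client, the `submissionSecret` from the creation response would go into local storage keyed by the submission UUID and be sent along with each later edit request.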