The client-side fetch API, by default, appends the correct authorization (which includes the username and password) to any requests. However, the code was overwriting it with API keys.
To fix this, I added a new header for the proxy called `X-REAL-AUTHORIZATION` which will proxy the API key through, while not overwriting the user/password authorization needed for the server to accept the proxy request.
Adds a new argument and environment variable to change the SQLite
storage path, which helps with the Docker volume.
Adds a .gitignore for any docker-compose.override.yml files.
This PR introduces a whitelist check to mitigate SQL injection risks when handling user input. Previously, user-controlled input was being used directly in dynamic SQL queries, which could allow an attacker to manipulate database queries.
E.g. https://github.com/lmg-anon/mikupad/blob/HEAD/server/server.js#L285