[API] Advertise anonymous token in discovery document
This will make it possible to access public data anonymously directly through the API, without going through Workbench.
Ideally Workbench (and the download service, when that happens) will also learn this from the discovery doc instead of its own config file.
Background¶Even when reading publicly accessible objects, clients must provide a valid API token. We could accept "no token provided" as being equivalent to "anonymous token", but we have decided not to:
- it's bad enough that 404 means "the object you are requesting does not exist or is not visible with these credentials", without adding another possibility "... or ((your credentials were not received at all for some reason) and (the object you are requesting is not public))".
- it's good to have fewer special cases in the authentication path
Aside: it wouldn't be unreasonable to use something like "*" or "-" (instead of the usual long string of random characters) as the anonymous token -- assuming there aren't any assumptions in the code base about length or allowed characters.