Anonymous API access#17

The idea is that the site devs should be able to define permissions for anonymous API requests (API requests without any authentication whatsoever).

This could be solved by allowing the magic nobody role to have permissions in the blueprints. The default permissions would of course still be completely locked down, so site devs need to explicitly whitelist anonymous access.

The next step would be to allow anonymous API requests in general (don’t block them all together), but assign them the nobody user so that the permissions system gets to check whether the current request is allowed or not.

I just recently read about api parts of a plugin - api.data, api.routes - and was really sad that if you want an anonymous api access, you need to basically not use any of the API niceties Kirby have.

Having an option to hook into the api system even for common/public api routes would be awesome