Require authentication for the web interface
We don't want to allow arbitrary processes with access to the Tahoe-LAFS web API to interact with the plugin interface. We want to expose information about vouchers in this interface so that nice clients (e.g. GridSync) can provide a good UX. We don't want to leak this information to attackers (they might steal unredeemed vouchers, for example).
Do the usual Tahoe-LAFS thing where the web interface requires access to the private node directory (by requiring a secret be read from there to use the web interface) so that filesystem permissions can be used to control access to the web API.
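A sketch of the scheme described above, as an added example that is not the plugin's or Tahoe-LAFS's own code: the secret lives in the private node directory with owner-only permissions, and a request is accepted only if it presents that secret. The file name `api_auth_token`, the `tahoe-lafs` Authorization scheme and both function names are assumptions made for illustration, and the permission check assumes a POSIX filesystem.

```python
import hmac
import os
import secrets
import stat

TOKEN_FILE = "api_auth_token"  # assumed file name inside the private directory
SCHEME = "tahoe-lafs"          # assumed Authorization scheme name


def load_or_create_token(private_dir):
    """Return the API secret stored in private_dir, creating it if missing."""
    path = os.path.join(private_dir, TOKEN_FILE)
    try:
        # O_EXCL with mode 0600: the file is never readable by other users,
        # not even briefly between creation and a later chmod.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:
            # Refuse a secret that group or other could already have read.
            raise PermissionError(f"{path} has mode {mode:o}, expected 600")
        with open(path, "rb") as f:
            return f.read().strip()
    token = secrets.token_urlsafe(32).encode("ascii")
    with os.fdopen(fd, "wb") as f:
        f.write(token)
    return token


def is_authorized(authorization_header, token):
    """Check an Authorization header value against the stored secret."""
    if not authorization_header:
        return False
    scheme, _, presented = authorization_header.partition(" ")
    if scheme.lower() != SCHEME:
        return False
    # Constant-time comparison so response timing does not leak the token.
    return hmac.compare_digest(presented.strip().encode("utf-8"), token)
```

A web resource would call `is_authorized` on every request before touching voucher state and answer 401 otherwise, so only processes able to read the private directory can use the interface.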