Hide api key in xhr-responses if key is configured in config.php

[IljaN]

If the api-key is configured via config.php the api-key is still leaked via XHR-Responses. This PR hides the API-Key in this case. Contrary to assumptions made in #453 the frontend does not need any changes as it seems to be able to handle the missing apiKey-field without errors.

Fixes #453

[codecov]

Codecov Report

Merging #454 into master will increase coverage by 2.95%.
The diff coverage is 100%.

@@             Coverage Diff              @@
##             master     #454      +/-   ##
============================================
+ Coverage     53.17%   56.12%   +2.95%     
- Complexity      268      269       +1     
============================================
  Files            17       17              
  Lines           961      930      -31     
============================================
+ Hits            511      522      +11     
+ Misses          450      408      -42

Impacted Files	Coverage Δ	Complexity Δ
lib/Controller/LocalAppsController.php	0% <ø> (ø)	5 <0> (ø)	⬇️
lib/Controller/MarketController.php	6.91% <100%> (+6.91%)	42 <0> (+1)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3128a70...a8eec47. Read the comment docs.

[PVince81]

@IljaN no UI changes needed ?

would be good to add a bit more context when writing PRs, make sure to think about who will review it and what questions they'll have

[IljaN]

@PVince81 No, the existing frontend code seems to handle it pretty well. User is shown as Logged-In and change-api-key button is hidden.

[PVince81]

👍

[IljaN]

Updated PR description