Use API key instead of clientSecret

As recently discovered we send the clientSecret to the webclient which
is potentionally dangerous. This patch should fix the problem and
replace the clientSecret with the originally intended and correct way to
implement it using the API key.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

Author: SISheogorath

app.js

@@ -33,7 +33,7 @@ var data = {
   urlpath: config.urlPath,
   debug: config.debug,
   version: config.version,
-  GOOGLE_API_KEY: config.google.clientSecret,
+  GOOGLE_API_KEY: config.google.apiKey,
   GOOGLE_CLIENT_ID: config.google.clientID,
   DROPBOX_APP_KEY: config.dropbox.appKey,
   allowedUploadMimeTypes: config.allowedUploadMimeTypes

lib/config/default.js

@@ -104,6 +104,7 @@ module.exports = {
     appKey: undefined
   },
   google: {
+    apiKey: undefined,
     clientID: undefined,
     clientSecret: undefined
   },

lib/config/environment.js

@@ -74,6 +74,7 @@ module.exports = {
     appKey: process.env.HMD_DROPBOX_APPKEY
   },
   google: {
+    apiKey: process.env.HMD_GOOGLE_APIKEY,
     clientID: process.env.HMD_GOOGLE_CLIENTID,
     clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
   },