grpc: Move /posts/<id> to backend

[ashquarky]

Part of #112
Need to submit this before it gets unreviewable

Changes:

This PR adds the extra infrastructure needed for miiverse-api to act as datasource (authentication, error handling, type conversions, validation etc.) and then moves the "post by id" endpoint (and only this endpoint) to the new backend. A few calls to the old database exist in the frontend since they rely on the Post being a Mongoose object for further DB calls - these will be ported once those further calls are in the API.

• The Endpoint: Just sends the document right out of MongoDB for now.
• Validation: On the frontend side, that document gets passed through a Zod schema. The one I've written (Post) is descriptive, not prescriptive, made in consultation with the prod database so all the jank of the current DB schema is preserved. This will be useful to make sure changes we make to miiverse-api don't break the frontend.
• Authentication: Either the OAuth token (web), service token (console) or nothing (guest web) are included with requests to the backend as headers. It has middlewares to process these tokens, and also has per-endpoint middlewares to select between guest, user, moderator access. On the frontend side, a "UserTokens" object keeps the current state of things cached and can be blindly passed back into the API, so this doesn't make much mess in the business logic.
• Error handling (API): Errors can be thrown deliberately to get specific HTTP codes (Unauthorized, Forbidden etc.), or can just be general JavaScript errors. I know throwing is a different design to what I had refactored into the Nintendo API, but I think this is nicer again. Maybe I'll re-refactor the Nintendo API.
• Error handling (frontend): HTTP codes from the backend are thrown and allowed to bubble. The error handlers and rendering are tweaked to work better (instead of sometimes spewing a stacktrace), include the request ID, etc. A special case is included for when the user needs to re-log-in; the frontend is extremely permissive about caching and not re-checking tokens, see also juxtaposition-ui: Check for expired tokens in frontend #114 - I'm expecting this might be a problem in prod

I know this is an absolute boatload of infrastructure for a very minimalist endpoint (and even it's missing some things, like the moderator/removed posts override) but hopefully it will serve as a foundation for us to work on top of.

• I have read and agreed to the Code of Conduct.
• I have read and complied with the contributing guidelines.
• What I'm implementing was an approved issue.
• I have tested all of my changes.

[ashquarky]

Note to self: Need to check Juxt bans on the API too (not just PNID bans)

[ashquarky]

I hate CodeQL actually. I do exactly what it suggests and it goes "nuh"

[mrjvs]

lgtm, is this ready for merge?

[ashquarky]

I think so. I am a bit worried about token expiry (web frontend requests that go thru this api check the token on every request now) but we can always branch this back off if it becomes a problem

[ashquarky]

Token expiry issue PretendoNetwork/account#184

[mrjvs]

This is waiting on PretendoNetwork/account#184 to be resolved, can be merged when that's done

[ashquarky]

Account server side is good to go, ~~now just need our side (which is present in #138) and this can land

[ashquarky]

This should be ok to go barring any conflict with #138