feat(api-key): Allow revoking in the future, and enforce the secret key (#6484)

Since there is quite a bit of code here already, I'll do the middleware changes in a separate PR

integration-tests/plugins/__tests__/api-key/admin/api-key.spec.ts

@@ -108,4 +108,29 @@ describe("API Keys - Admin", () => {
     expect(deleted.status).toEqual(200)
     expect(listedApiKeys.data.apiKeys).toHaveLength(0)
   })
+
+  it.skip("can use a secret api key for authentication", async () => {
+    const api = useApi() as any
+    const created = await api.post(
+      `/admin/api-keys`,
+      {
+        title: "Test Secret Key",
+        type: ApiKeyType.SECRET,
+      },
+      adminHeaders
+    )
+
+    const createdRegion = await api.post(
+      `/admin/regions`,
+      {
+        name: "Test Region",
+        currency_code: "usd",
+        countries: ["us", "ca"],
+      },
+      { headers: { Authorization: `Bearer ${created.token}` } }
+    )
+
+    expect(createdRegion.status).toEqual(200)
+    expect(createdRegion.data.region.name).toEqual("Test Region")
+  })
 })