fix: security review (#656)

* Add security review doc

* Add tests to reproduce security issues

* Fix security issues

* Fix tests

* Set auth auth backend for tests

* Fix ics api tests

* Fix transcript mutate check

* Update frontent env var names

* Remove permissions doc

server/tests/test_transcripts_audio_download.py

@@ -111,7 +111,9 @@ async def test_transcript_audio_download_range_with_seek(
 
 
 @pytest.mark.asyncio
-async def test_transcript_delete_with_audio(fake_transcript, client):
+async def test_transcript_delete_with_audio(
+    authenticated_client, fake_transcript, client
+):
     response = await client.delete(f"/transcripts/{fake_transcript.id}")
     assert response.status_code == 200
     assert response.json()["status"] == "ok"