Add feature that disallows reverting append-only mode

[Forceu]

This PR adds a feature that disables reverting back from append-only mode to normal mode. It is off by default.

This can be used for additional security. For example, if the repo is append-only, an attacker with access to an API key with update permission (or the web UI if DISABLE_DELETE_REPO is set) and backup source should not be able to delete the repo.
However, by removing the append-only mode, uploading an empty backup, deleting all previous backups and compacting the repo, the attacker deleted all data and leaves an empty repository. This feature would prevent this (most likely rather remote) case.

[Ravinou]

Very interesting feature. However, I think we should perhaps add a warning icon on the editing UI side to warn you that if you activate the mode, it cannot be deactivated. What do you think?

[Forceu]

That is a good idea. I think I had problems reading the env variable in the RepoManage container the last time when I tried adding an indicator if the server supports deleting repositories. Did I simply used incorrect code or is it not possible to get a proper process.env in this instance?

[Ravinou]

You can't read env from front end, only from backend for security reason, so you need to read it by API 👍

[Forceu]

I assume there is no API call for that yet? At least in the API documentation I didn't see anything. If not I might add some parameters to the /version call output.