Currently, users are able to GET/POST a particular basket via one private(ish) URL.
The API endpoint looks like this: /apiv1/pantry/PANTRY_ID/basket/BASKET_NAME.
This is problematic, since users should not share this URL with untrusted parties: it exposes both their PANTRY_ID (uuid) and a BASKET_NAME (human-readable name).
By providing users a way to create a public link directly to their basket, we should be able to generate a "proxy path" to a particular basket without exposing private details.
POST /apiv1/pantry/PANTRY_ID/public_basket/BASKET_NAME returns /apiv1/public/UUID
I'd like to add that the user's own webapp also counts as an "untrusted party" for this purpose (because all major desktop browsers have built-in debuggers that make it trivial to keep track of all fetched URLs).
Using the basket name isn't really a problem (if anything, having it in the URL makes it more convenient for legitimate debugging, and it's hardly going to contain some sensitive information), but knowing the pantry ID is the only thing that anyone needs to gain full admin access to it.
In fact, rather than an "enhancement request", I'd flag this issue as a "critical bug" 😅
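The following is an added, illustrative model of the proxy-path design proposed in the issue and of the point raised in the comment above (a public link must not carry the pantry ID, because that ID alone is the admin credential). It is not Pantry's own code and makes three assumptions not stated on the page: the public token is a random UUID generated server-side, public links are read-only (the issue does not say whether POST should be allowed through them), and a missing or malformed token is answered identically so a caller cannot probe which tokens exist. Names (PantryStore, SAMPLE_PANTRY_ID) and the sample basket data are constructed for the example.

```python
import re
import uuid

# Constructed sample identifiers: not a real pantry.
SAMPLE_PANTRY_ID = "11111111-2222-4333-8444-555555555555"

# Shape of the proposed proxy path: /apiv1/public/<uuid4>
PUBLIC_PATH = re.compile(r"^/apiv1/public/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$")


class PantryStore:
    """In-memory model of pantries, their baskets, and public proxy links (assumed design)."""

    def __init__(self):
        self.pantries = {}      # pantry_id -> {basket_name: payload}
        self.public_links = {}  # token -> (pantry_id, basket_name)

    def put_basket(self, pantry_id, basket_name, payload):
        """Private API: write a basket. Requires knowing PANTRY_ID (the admin secret)."""
        self.pantries.setdefault(pantry_id, {})[basket_name] = dict(payload)

    def create_public_link(self, pantry_id, basket_name):
        """Models POST /apiv1/pantry/PANTRY_ID/public_basket/BASKET_NAME.

        Returns a proxy path that contains neither the pantry ID nor the basket name.
        """
        if basket_name not in self.pantries.get(pantry_id, {}):
            raise KeyError("no such basket")
        # uuid4 draws 122 random bits from os.urandom: unguessable, unlike a hash of the
        # pantry ID and basket name would be.
        token = str(uuid.uuid4())
        self.public_links[token] = (pantry_id, basket_name)
        return f"/apiv1/public/{token}"

    def revoke_public_link(self, public_path):
        """Owner-side revocation: after this, the proxy path is a 404 like any unknown token."""
        match = PUBLIC_PATH.match(public_path)
        if match:
            self.public_links.pop(match.group(1), None)

    def handle_public(self, method, path):
        """Serve a request to a public proxy path. Returns (status, body).

        The private identifiers are resolved server-side and never appear in the response.
        """
        not_found = (404, {"error": "not found"})
        match = PUBLIC_PATH.match(path)
        if not match:
            return not_found
        link = self.public_links.get(match.group(1))
        if link is None:
            # Same answer as a malformed token: do not reveal whether it ever existed.
            return not_found
        if method != "GET":
            # Assumption: public links are read-only; only the owner (with PANTRY_ID) writes.
            return 405, {"error": "public links are read-only"}
        pantry_id, basket_name = link
        return 200, dict(self.pantries[pantry_id][basket_name])


def demo():
    """Create a basket, publish it, and confirm the public path leaks no private IDs."""
    store = PantryStore()
    store.put_basket(SAMPLE_PANTRY_ID, "groceries", {"items": ["milk", "eggs"]})
    public_path = store.create_public_link(SAMPLE_PANTRY_ID, "groceries")
    leaks = SAMPLE_PANTRY_ID in public_path or "groceries" in public_path
    status, body = store.handle_public("GET", public_path)
    return public_path, leaks, status, body


if __name__ == "__main__":
    print(demo())
```

The important property is that the only thing a holder of the public path can do is read that one basket: the path cannot be turned back into PANTRY_ID, so it grants none of the admin capabilities the comment above warns about, and the owner can revoke it without rotating the pantry ID.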