POST Notifications should require authentication

cf. #126 (closed)

The /notifications path to POST Notifications should require an authenticated client. See

https://iata-cargo.github.io/ONE-Record/security/authn-application-layer/#api-authentication-and-autorization