Problem
Anyone with the right collection UID and image UID can send a POST request to a plugin server and run the plugin on behalf of a team.
Solution
Add request authorisation.
Considered Alternatives
No
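One possible shape for the requested check, added here as an illustration and not taken from the project's code: the POST carries an HMAC signature over the team, collection UID, image UID and a timestamp, and the server also confirms the team owns the collection. The per-team secrets, the ownership map, the field names and the 300-second window are all assumptions.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data; a real server would read these from its secret store and database.
TEAM_SECRETS = {"team-a": b"constructed-secret-a", "team-b": b"constructed-secret-b"}
COLLECTION_OWNER = {"col-111": "team-a", "col-222": "team-b"}
MAX_SKEW_SECONDS = 300  # assumed replay window


def sign_request(team, collection_uid, image_uid, timestamp, secret):
    """HMAC-SHA256 over every field the server acts on, so none can be swapped."""
    # JSON array encoding keeps field boundaries unambiguous.
    message = json.dumps(
        [team, collection_uid, image_uid, int(timestamp)], separators=(",", ":")
    ).encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def authorize_plugin_run(team, collection_uid, image_uid, timestamp, signature, now=None):
    """Return (allowed, reason) for a POST asking to run the plugin."""
    now = time.time() if now is None else now
    secret = TEAM_SECRETS.get(team)
    if secret is None:
        return False, "unknown team"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    expected = sign_request(team, collection_uid, image_uid, timestamp, secret)
    # Constant-time comparison; knowing the UIDs alone does not yield a valid value.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"
    # Authentication is not enough: the caller's team must own the collection.
    if COLLECTION_OWNER.get(collection_uid) != team:
        return False, "collection not owned by team"
    return True, "ok"
```

The ownership check is what stops a team with its own valid secret from running the plugin against another team's collection.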