CC: Restrict API key auth for service-to-service

[alliscode]

Exposing an API key in a browser client is not recommended.
Reference: Fix security issues in copilot chat app by DavidParks8 · Pull Request #1090 · microsoft/semantic-kernel (github.com)