Server side Proxying

In manage-frontend (with the exception of the Identity tabs which go direct to identity APIs), all client-side AJAX calls are proxied through the NodeJS server (see apiProxy.ts), for the following reasons...

• avoids any CORS headaches (because all endpoints are on the same domain e.g. /api/me)
• potentially some Fastly CDN speed improvements - although IMPORTANT to note that we don't cache any API calls - see wiki/Caching
• nice meaningful API endpoints (e.g. /api/payment/card/:subscriptionName) - re-mapping the endpoints on all the various APIs (which can't easily be changed at source as other services may be using them)
• detailed logging of all API interactions (rather than always having to visit the logs of all the APIs individually) - see https://github.com/guardian/manage-frontend/pull/373
• add additional headers containing server-side only values, such as secrets for example - see wiki/Proxying-API-Gateway-Lambdas
• so we can transform responses (add/remove/restructure) should we need to (although not really using this capability currently)