Support Google Service Authentication (access_token) instead of API Key

[dviry]

As also mentioned in another related issue, using Google API Keys is troublesome specially when stored in a javascript file (that anyone can read).

Instead, Google suggests using a Service Account; so any server-side code is actually authenticating to Google (using a private key or certificate), receives a temporary access_token which can then be passed to the URLs when accessing Google Services.
In the Geolocator config, only a Google API Key can be specified - could this be extended to allow an access_token which will then be instead used on URLs instead of the Key=xxx parameter?

I think that would solve a lot of security issues as well as enable all Google Services to work (at least for those ready to add a server-side component for the authentication)

Cheers

[dmegatool]

Anybody got a work around to not use unrestricted keys ?