Add warning about the encryption key to ooniauth v1

ooniapi/services/ooniauth/src/ooniauth/routers/v1.py

@@ -115,6 +115,16 @@ async def user_login(
     settings: Settings = Depends(get_settings),
 ):
     """Auth Services: login using a registration/login link"""
+
+    # **IMPORTANT** You have to compute this token using a different key
+    # to the one used in ooniprobe service, because you could allow
+    # a login bypass attack if you don't. 
+    #
+    # The token used in ooniprobe is generated regardless of any authentication,
+    # because it's a toy token to please old probes. 
+    #
+    # We set this up in terraform
+
     try:
         dec = decode_jwt(
             token=token, key=settings.jwt_encryption_key, audience="register"