A select few users should have the ability to elevate API keys so that no checks are performed (elevate: true, in Firebase).
I'm assuming that these users should have the ability to do this for any key even if it's not associated with their account.
See also #21
