Firebase security configuration

[brianchirls]

Firebase needs to be properly configured for both storage and database to allow read access from anywhere without authentication and for selective write access.

• Configure database access rules
• Configure storage access rules
• Configure storage for CORS - reference

@cvan, @caseyyee What do you guys think we should do for authentication? We should probably not leave write access completely open - I think people who create a puppet show should be the ones who can modify it. But I don't know what authentication method makes sense for the students. Firebase offers a number of methods.

Once we have this worked out, I'll write the Firebase rules and post them here. You guys can copy them into your paid account.