feat: checking referrer request

This and CORS should at least filter out most potential errors. Plus
some cloudflare protections should be OK.

Could even add captcha

packages/frontend/src/network/index.ts

@@ -12,7 +12,7 @@ const signedPetitionSignatures = z.array(signedPetitionWithParsedDate);
 export const getSignatures = async (): Promise<
 	z.infer<typeof signedPetitionSignatures>
 > => {
-	const res = await fetch(`${backendUrl}/sign`);
+	const res = await fetch(`${backendUrl}/sign`, { referrer: location.origin });
 
 	const body = await res.json();
 	const validatedBody = signedPetitionSignatures.parse(body);