Switch to signed cookie auth and stop leaking player IDs

Endpoints/ResultsEndpoints.cs

@@ -8,8 +8,10 @@ public static class ResultsEndpoints
 {
     public static void MapResultsEndpoints(this IEndpointRouteBuilder app)
     {
-        app.MapGet(
-            "/api/results",
+        var group = app.MapGroup("/api/results").RequireAuthorization();
+
+        group.MapGet(
+            "/",
             async (HttpContext ctx, AppDbContext db) =>
             {
                 var player = await EndpointHelpers.GetAuthenticatedPlayer(ctx, db);