Remove real live api key

[EmilyZhang777]

This change removes the real live api key to resolve a vulnerability.

J=VULN-37164
TEST=auto

[github-actions]

Pull Request Test Coverage Report for Build 7644357355

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 92.972%

---

Totals
Change from base Build 7145357168:	0.0%
Covered Lines:	338
Relevant Lines:	357

---

💛 - Coveralls

[nmanu1]

technically, removing the api key like this won't really help since the repo (and it's past versions) are open source. if security is concerned about these keys getting out, it might be worth looking into whether github has a way to fully redact/delete part of a file, including its past versions

[EmilyZhang777]

I'm planning on deactivating the api keys, so this change should be sufficient.

[nmanu1]

I'm planning on deactivating the api keys, so this change should be sufficient.

would that deactivate the slapshot test account? I find that pretty useful for testing and I believe a lot of our SDKs' test sites are built around the configuration of that experience. it would also be worth checking if the public-facing search-ui-react Storybook site is based off of this experience as well

[EmilyZhang777]

We could generate a new api key for the account/experience and use that in places needed without deactivate the account/experience itself.

[nmanu1]

if this is a new patch, you'll want to merge into a hotfix branch rather than develop

[EmilyZhang777]

I'll update search-core first and revisit this PR to include version bump for search-core 👍

[nmanu1]

I thought we were marking these vulnerabilities as a false positive. do we still need to remove the key?

[EmilyZhang777]

Yeah, talked to mcgin and confirmed we still want to remove them