Remove access tokens from code

[jdwillemse]

There is an env.js file in the root that contains access tokens. We should remove these. I'd suggest switching to using the dotenv package

[denisw]

Newer Next.js versions have built-in support for .env, but we'll need to use dotenv for now.

We'll also need to update the README to explain where to get the Contentful access token from.