So after having a look at
I come to my personal conclusion that Grafana is fundamentally unfit to be used in OpenHAB sitemaps, because it requires to open the whole database for anonymous clients. The major issue, besides the fact that API keys cannot be send as get parameters (while username and password can oO), seems to be that the whole query is stored at client side, so it can be freely changed by a malicious client.
What I would imagine instead is a system where queries are defined on server side and clients can only pass predefined parameters (usually probably x-axis times). Such a system wouldn’t be very hard to implement, given that there seem to be pretty nice client side graphing libs like chart.js - at least not on the required level for OpenHAB, without the need for dashboards and whatever.
Does anyone know about any efforts in that direction, or sees a fundamental misunderstanding on my side regarding Grafana?