The UI stuff is trickier (we can easily leak the token to the client...). Still trying to find the best way to achieve this.
Based on !246 (merged)