I'm looking for a way to protect a frontend controller by a token. We want to send customers an email that gives access to a particular record using that token. I saw information about custom guards. Is that the way to go? Or is there a easier way to solve this?