In technical terms, this can be done via an API endpoint (@frappe.whitelist(allow_guest=True)) and saving the document while ignoring permissions (my_doc.save(ignore_permissions=True)).
I am unsure if Frappe has one-time use access tokens built-in for authentication, but that should not be incredibly hard to create either. A new One-Time Use Auth DocType could be made with token and expires columns; one could potentially add a docname part to validate what document that one-time use token has access to. The token generated can be passed
http://example.org/api/method/myapp.myapp.mymodule.mark_delivery_note?token=abcde12345&docname=mydeliverynotename
Someone who knows Frappe deeper could share how to add the authentication as middleware. If not, the API function can just manage authentication before changing the Delivery Note status.
In more general terms, it is not extremely difficult to accomplish this. I would recommend building your own Frappe app as a companion to ERPNext (along with any customizations you have done).