Let REQUIRE_LOGIN mode passthrough valid auth tokens
Otherwise REST API and XMLRPC are practically unusable.
This is a passthrough mode meaning the token should be validated and assinged user down the processing stack.
This means that using the valid token someone can access other pages as an anonymous user even when REQUIRE_LOGIN is enabled.
The code is based on lava_rest_app.authentication.LavaTokenAuthentication