Ignore user scope checking for unauthenticated users
Closes #756 (closed)
Note that this will still cause weird error messages if the user is logged in but is not verified, or is not internal, depending on the permissions of an API. Properly fixing this requires a larger rewrite of our permission classes, which is already required to fix #554 (closed).
Edited by Erwan Rouchet