InfoAmazonia / jeo-plugin

Interactive Map blocks for Wordpress Gutenberg
GNU General Public License v3.0

Re-evaluate need for nonces in REST API #412

Open leopiccionia opened 1 year ago

leopiccionia commented 1 year ago

Currently, JEO sends an X-WP-Nonce header with most/all requests to the WP REST API.

It's a good practice, but it makes some improvements, like caching pages, much more cumbersome and error-prone.

For handling caching issues in its dashboard, PlenaMata has been using a patched fork of JEO for months, maintained in the no-nonce branch. If it's proved that removing the nonces doesn't break other JEO installations, it could avoid having to maintain two different active branches of JEO and help prevent future issues similar to those currently faced by PlenaMata.

Nonces may be required for some tasks, like previewing private/drafted maps or layers. It should be tested on Carto layers (the reason the nonces were originally introduced), too. At worst, we could consider only sending nonces on-demand.

leopiccionia commented 1 year ago

In commit 2487af9, I've implemented a solution that consists of using nonces only for logged-in users.

Because documents for logged-in users are not cached by most plugin setups, it doesn't break caching, and it allows logged-in users to view draft and private maps, story maps, etc.

Because Carto requests always run inside /wp-admin (and, therefore, require a logged-in user), they're covered by the previous case.

It seems like a good compromise, and my initial tests don't show any breakage.
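As an added illustration (not code from this issue or from the JEO plugin), the following JavaScript models the compromise described above: the client attaches X-WP-Nonce only when the page was rendered for a logged-in user, and a simplified stand-in for WordPress's REST cookie check treats a request without the header as anonymous, rejects a stale nonce served from a cached page, and only exposes draft content to an authenticated user. The nonce format, the function names and the 12-hour tick rotation with one previous tick accepted are assumptions modelled on WordPress's behaviour, not its actual code.

```javascript
// Simplified model of how WordPress treats X-WP-Nonce on REST requests
// (assumed model, not JEO's or WordPress's real code): no header means the
// request runs as anonymous; a header that fails verification is rejected
// with rest_cookie_invalid_nonce; a valid one authenticates the cookie session.
// Nonces are constructed here as "wp_rest:<userId>:<tick>" for readability.

const NONCE_ACTION = 'wp_rest';

// Issue a nonce for a user at a given tick (WordPress rotates ticks every 12h).
function createNonce(userId, tick) {
  return `${NONCE_ACTION}:${userId}:${tick}`;
}

// WordPress accepts the current tick and the one before it.
function verifyNonce(nonce, userId, currentTick) {
  return nonce === createNonce(userId, currentTick) ||
         nonce === createNonce(userId, currentTick - 1);
}

// Client side: mirror the compromise in the issue. Only attach the header when
// the page was rendered for a logged-in user and therefore carried a nonce;
// anonymous (cacheable) pages send no nonce at all.
function buildHeaders(nonce) {
  const headers = { 'Content-Type': 'application/json' };
  if (nonce) headers['X-WP-Nonce'] = nonce;
  return headers;
}

// Server side: decide which user the request runs as and whether a map with
// the given post status may be returned to that user.
function handleMapRequest({ headers, sessionUserId }, { status, currentTick }) {
  const nonce = headers['X-WP-Nonce'];
  let userId = 0;                                  // anonymous by default
  if (nonce !== undefined) {
    // A nonce is present: it must match the cookie session or the request fails.
    if (!sessionUserId || !verifyNonce(nonce, sessionUserId, currentTick)) {
      return { code: 403, error: 'rest_cookie_invalid_nonce' };
    }
    userId = sessionUserId;
  }
  // Draft/private maps are only visible to an authenticated user.
  if (status !== 'publish' && userId === 0) {
    return { code: 401, error: 'rest_forbidden' };
  }
  return { code: 200, userId };
}
```

A stale nonce baked into a cached page (issued at tick 90, checked at tick 100) is the failure mode the issue avoids by never emitting nonces on pages that may be cached.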