I'm not aware of any scenario where this feature should be off, so authentication cookies should always be checked.
The optionality of the check allows a subtle bug to be present: if the cookies are not checked, adding an IP address to the blacklist with admin scope does not prevent access to the backend from this IP address if the user is already logged in.