Auth is only needed for some URLs

[ipwnponies]

I discovered that no auth is required for getting city or menus. Likely only for POST calls, KITCHEN_URL and RESERVATION_URL.

I suggest we whitelist the URLs (operations) that require credential. This makes cli commands to list cities or menus (#7) simpler to test and run, since it's stateless and doesn't require requests session or unnecessary logins.

[edmundmok]

Yes, I think this means mealpal.get_schedules('San Francisco') doesn't help verify cookies anymore. Will need to check this again though. A better way would probably be using some kind of "get profile" API.

[ipwnponies]

Good point about the false confidence from get_schedules. I wonder what response would be returned if hitting /login with no user and password.

Thinking harder about this, we don't actually need auth, it's only when we call initialize_mealpal in execute_reserve_meal: https://github.com/edmundmok/mealpy/blob/5fc5bc7a97e4dda452b26d46552c5fccf084ee00/mealpy/mealpy.py#L206-L208 So I think this issue is more about cleaning up the structure of the code so that initialize_mealpal is more like "populate existing MealPal instance with cookie information". Rather than be the starting point for all commands.

Okay, I'd say this ticket is not yet actionable and may fix itself when other features (#7) make it more obvious what work needs to be done.