Make internal requests work in JSON-only mode

[janko]

When #only_json? is set to true, the JSON feature requires that requests have Content-Type and Accept headers set to JSON. This is not the case in internal requests, which have a form-data content type set up.

Since in internal requests we don't want to deal with HTTP-level requirements, we set #only_json? to false in the internal auth class to allow non-JSON requests. This should be fine, because in internal requests params are grabbed from an internal hash anyway.

[jeremyevans]

I agree, it makes sense to do this. Thanks for the patch!