Do not validate CSRF token in API unless needed
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/35705
Calling current_user
automatically triggers CSRF token validation, and we were calling current_user
even in cases where we knew we didn't need it through a before
.