[keyserver] disable requiring legal policies for update_device_token endpoint

Summary:
Looks like this endpoint may be called when user is not logged in, and in this situation there is no need to validate policies.
I experienced this in the middle of SIWE flow when user is not logged in yet, but update_device_token was hit and error was thrown.

Test Plan: Make sure using this endpoint doesn't require privacy policy acknowledgment

Reviewers: tomek, ashoat

Reviewed By: ashoat

Subscribers: ashoat, atul

Differential Revision: https://phab.comm.dev/D6395