In this PR:
- The Actor health check route now _never_ requires auth (bearer token).
It is always unprotected.
- `arcade dev --no-auth` disables all Actor auth entirely, making all
routes unprotected. Useful for debugging, but emits a warning to the
console.