auth: further sanitize requests to prevent GET CSRF (CVE-2016-3691) Routes allows GET requests to override the HTTP method, which breaks the Kallithea CSRF protection (which only applies to POST requests). This commit blocks such GET request, preventing CSRF attacks.

# requirements.txt file for use as "pip install -r requirements.txt" as a
# readthedocs compatible alternative to "pip install -e ." which is a working
# alternative to "setup.py develop" which doesn't work with Mercurial 3.7
.