Fix for force_post to allow interception without evilginx session

[stephenbradshaw]

This is a fix for an issue where EvilGinx will not do force_post replacement for requests to a phished domain if cookies (in particular the EvilGinx session cookie) are not included with the request. This is breaking proper interception of authentication flows where for example part of the process has a request made using JavaScript without adding cookies.

An example affected issue is here:

https://github.com/kgretzky/evilginx2/issues/1031

Have fixed by moving the existing force_post code into its own if branch that does not check for a evilginx session and adding a requirement for the request method to be "POST" - figured that since force_post has its own fairly specific conditions for matching requests that the session requirement can be overlooked