fix: email confirmation link panic in API mode

[wythers]

When authboss is used as API server (ReadJSON=true), users clicking confirmation links from emails would cause panic and fail to confirm their account. This is because the code tries to read JSON body from GET requests used by confirmation links.

The fix ensures confirmation links work properly in API mode

[aarondl]

Surprised this didn't get found until now. Though maybe a better fix is to ignore json body in GET requests? It seems a bit silly to try to parse a body that is likely not there.

While it's true the spec doesn't forbid GET from having a body, in practice it's not even correctly supported by many clients as to be unusable.