Fix operation with 'noauth' backend
With the noauth backend, user/groups are not set on the app context,
so we can't check them in the requires_role wrapper; skip the checking
if the backend is noauth.
Automatically set login_disabled in the config, to avoid a confusing
interaction between auth_backend and login_disabled.
Remove the leftover AUTHORIZED_DISABLED in conf/config.py - it was
no longer used for anything.