* allow bypassing credential in access token check
for certain use cases (SIP server creating dispatch), it's desirable to
issue tokens containing credentials so features like auto-egress could
continue to function
* use this for sip tokens
* changeset
* test