[headless] Let websocket upgrade requests pass in AccessManager

This is because JavaScript in browsers apparently can not add Authentication
headers to websocket requests, so we use a dedicated authentication message there.

In Javalin 3, the AccessManager also handles websocket requests.
We need to let those pass to support JavaScript.
2 jobs for javalin-3.5 in 11 minutes and 46 seconds (queued for 7 minutes and 56 seconds)
Status Job ID Name Coverage
  Test
passed #4274
test

00:11:46

failed #4272
test

00:03:48