Default authentication classes may not be suitable

Currently the boilerplate defaults to using rest framework's SessionAuthentication and a sub-class of TokenAuthentication for the default authentication classes for all endpoints. This may not be a suitable approach, especially as our core strategy is to deploy behind the API gateway and alongside the gateway emulator for local development, these default settings prevent any requests being made to the API in local development.