Clarify that an access token is optional on the `POST /account/password` and `POST /account/deactivate` endpoints.