LFS servers can set an `authenticated: true` parameter in their upload
and verify instructions to tell the client not to search for
credentials to add to the request. However, this is optional - they may
simply return instructions containing an `Authorization: ....` header
instead. When this happens, the canonical LFS client doesn't overwrite
it with a locally-sourced Authorization header, so we shouldn't either.

This fixes pushing to GitHub, which seems to send the authenticated
hint intermittently.