Check `Token` header instead of `Cookie` header from rdsys

In #162 (closed) we decided that onbrisca authorizes the requests via a token in Cookie header, however tpo/anti-censorship/rdsys#174 (closed) doesn't set it with the Cookie header but the Token and Authorization headers. Therefore onbrisca has already been changed in production to look at these header instead to authorize the request.