Before we would block the `sign_out` request when the user did not
accept the terms, therefore redirecting them to the terms again.

By allowing all request to devise controllers, we avoid this problem.