Return X-User header even when SSO is disabled

Frontend currently fails to load properly if backend has SSO disabled. This is because the frontend expects the x-user header to exist. The easier solution is to include the header in all responses whether or not SSO is enabled. If disabled, the user object should just be a generic user with all priveleges.