Use shouldAllowPublic(), not shouldRequireLogin(), for Legalpad

Summary: This got written a while ago and is using slightly incorrect gating on logged-out users. The names of these methods should probably be more clear too, but basically "shouldAllowPublic()" is for "this page may be usable to logged-out users, if policies allow it", while "shouldRequireLogin()" is for "this page should skip various credential checks". One of the skipped checks is email verification. This method should maybe be something like "isAuthenticationRelatedOrNoncredentialPage()" but I don't have a good name for that.

Test Plan: Unverified users are now prompted to verify email when viewing a legalpad document, instead of allowed to sign it.

Reviewers: rush898, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9857