Add a `require_login` before_action to ApplicationController so we need to specifically make pages public rather than the reverse.