This vulnerability was analyzed during Episode 103 on 29 November 2021.
Missing, or maybe insufficient, authentication checks on the /users/create_admin endpoint allowed any user (even one not logged in) to create a new administrative account and gain full admin privileges within the Stocky app.
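The following is an added example, not code from Stocky or from the episode. It shows one way this class of bug arises, a fail-open route policy, next to a fail-closed version and a small audit helper. The route table, roles and function names are hypothetical; only the `/users/create_admin` path comes from the page.

```python
# Added illustration. The policy table, roles and helpers are assumptions,
# not taken from the Stocky code base.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    name: str
    role: str  # "staff" or "admin"

RANK = {"staff": 1, "admin": 2}

# Minimum role per route (constructed sample data). None means explicitly public.
POLICY = {
    "/login": None,
    "/users/profile": "staff",
    # "/users/create_admin" was never registered here.
}

def check_vulnerable(path: str, user: Optional[User]) -> int:
    """Fail-open: a route with no policy entry is treated like a public one."""
    required = POLICY.get(path)  # missing entry and "public" both yield None
    if required is None:
        return 200
    if user is None:
        return 401
    return 200 if RANK[user.role] >= RANK[required] else 403

HARDENED_POLICY = {**POLICY, "/users/create_admin": "admin"}
_MISSING = object()

def check_hardened(path: str, user: Optional[User]) -> int:
    """Fail-closed: unknown routes are denied; public routes must be marked."""
    required = HARDENED_POLICY.get(path, _MISSING)
    if required is _MISSING:
        return 403  # no policy entry, so no access
    if required is None:
        return 200
    if user is None:
        return 401  # not authenticated
    return 200 if RANK[user.role] >= RANK[required] else 403  # not authorized

def unprotected_routes(routes, policy):
    """Audit helper for CI: served routes that have no policy entry at all."""
    return sorted(r for r in routes if r not in policy)
```

Running `unprotected_routes` over the application's full route list in CI catches an endpoint that ships without a policy entry, before it reaches production.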