Prevent getting apps state for unauthorized machine

This is a result of the following comment !272 (comment 196568).

As Tomek pointed out, if you click on the unauthorized machine you're taken to the same view as in case of authorized machines. There used to be a button Get Latest State which, if clicked, would fetch apps information regardless if the machine is authorized or not. The button was removed for unauthorized machines in #485 (closed), but it is still possible to fetch the state via REST. I think it should be secured at the REST level, i.e. when the machine is unauthorized we should not fetch apps state.