Fix some user-independent endpoints potentially reading session cookies (#24650)

app/controllers/well_known/nodeinfo_controller.rb

@@ -4,6 +4,10 @@ module WellKnown
   class NodeInfoController < ActionController::Base # rubocop:disable Rails/ApplicationController
     include CacheConcern
 
+    # Prevent `active_model_serializer`'s `ActionController::Serialization` from calling `current_user`
+    # and thus re-issuing session cookies
+    serialization_scope nil
+
     def index
       expires_in 3.days, public: true
       render_with_cache json: {}, serializer: NodeInfo::DiscoverySerializer, adapter: NodeInfo::Adapter, expires_in: 3.days, root: 'nodeinfo'