Make Plugin work for users without upload_files permission

[kraftner]

Currently the plugin checks for upload_fileseverywhere.
Also when using the multi-uploader everything sits on top of wp-admin/async-upload.php which also checks for this permission.

So to make this work we'd need to find a safe way to enable that. Especially for async-upload.php this also needs to make sure that we only enable the upload for the avatar and not for everything. Maybe something like a nonce (a real one, not a WP nonce).

Also this would probably be the point where we should really have some central helpers to determine these kind of things. See #37.

[kraftner]

Concerning the multi-uploader the nonce to check this is actually coming from the profile page should probably go somewhere in AvatarRegisterMetaService

[kraftner]

The more I think about this the less I'm sure this should be handled by this plugin, but rather just a section in Readme on how to implement this. Reason is that we'd be messing with upload permissions which is a pretty serious thing.