Prevent bypassing authorized fetch mode with a json file

lib/pleroma/web/plugs/http_signature_plug.ex

@@ -16,7 +16,7 @@ def call(%{assigns: %{valid_signature: true}} = conn, _opts) do
   end
 
   def call(conn, _opts) do
-    if get_format(conn) == "activity+json" do
+    if get_format(conn) in ["json", "activity+json"] do
       conn
       |> maybe_assign_valid_signature()
       |> maybe_require_signature()