Currently we always use the flag POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION when checking if a subject is authorized for an action, meaning that we cause polkit to create an interactive dialog box. However since GLib 2.46, there has been a flag G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION which indicates if the caller is prepared to have the user authenticate (e.g. it's a user-facing program not a daemon). So, check for this flag in daemon_local_check_auth().
The impetus for this patch is that in the Endles fork of gnome-control-center we use the library malcontent, and call mct_manager_get_app_filter() even when we don't have permission to actually read the user's app filter, since it shouldn't cause a dialog without MCT_GET_APP_FILTER_FLAGS_INTERACTIVE being passed to it. However because accountsservice doesn't respect G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, polkit attempts to create an auth dialog anyway (and hits an error but that's a separate gnome-shell bug).
I think this patch can't be merged yet, because libaccountsservice uses code generated by gdbus-codegen to interact with this daemon, and that code does not set G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION (which is translated by GLib into G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION). So as things stand all users of the library are treated as not allowing interactive auth, which is the opposite of what we want for backwards compatibility.