Add XSRF mitigation to form processing actions

That's better, thanks. I will make sure to add this to the 'Inserting anti-CSRF tokens into HTML forms' deployer doc.

I probably should have looked at some sort of auto-csrf approach to dynamically embed the token into forms. I could still look into that, or maybe as an  enhancement later on - or maybe it is overkill given the IdP will only have a limited number of views and forms and just parsing the csrf.vm template is similar to adding a JSP tag etc.

I moved the input element boilerplate into system/views/csrf/csrf.vm so it's system-controllable HTML, and removed the id attribute (there was one view where it was included twice, so technically the HTML IDs would collide.

Agreed w.r.t the upgrade and new install defaults. 

This all looks pretty good to me, without having dug into the code itself much.

My guess given which files are going to get skipped on an upgrade is that a new install is safe to enable it using the include "*" and exclude list approach. Upgrades will default to having it off, and people can choose how to apply it then if they have custom views that they don't want to mess with.

But this is probably one of those cases where the internal property defaults may not match what we want to include in the file. We probably want to default the include and exclude lists to nothing as a code/wiring default.

Finished PoC for the listener implementation. https://wiki.shibboleth.net/confluence/display/DEV/Anti-CSRF+FlowExecutionListener+Implementation

Overview of views suitable for CSRF protection: https://wiki.shibboleth.net/confluence/display/DEV/CSRF+FlowExeuctionListener+testing%2C+all+views+overview