Add initial support for CSRF token protection

tailbone/templates/forms/form.mako

@@ -1,6 +1,7 @@
 ## -*- coding: utf-8 -*-
 <div class="form">
   ${h.form(form.action_url, id=form.id or None, method='post', enctype='multipart/form-data')}
+  ${form.csrf_token()}
 
   ${form.render_fields()|n}
 

tailbone/templates/login.mako

@@ -17,6 +17,7 @@
   <div class="form">
     ${form.begin(**{'data-ajax': 'false'})}
     ${form.hidden('referrer', value=referrer)}
+    ${form.csrf_token()}
 
     ${form.field_div('username', form.text('username'))}
     ${form.field_div('password', form.password('password'))}

tailbone/templates/purchases/batches/receive_form.mako

@@ -326,6 +326,7 @@
 
 <div class="form-wrapper">
   ${form.begin(id='receiving-form')}
+  ${form.csrf_token()}
   ${h.hidden('mode')}
   ${h.hidden('expiration_date')}
   ${h.hidden('ordered_product')}