Symfony 7.2 introduced the concept of "stateless" CSRF tokens. This system is very appealing, but it comes with two requirements:
- in production, we must be sure that the Origin and Referer headers are correctly set (because they are probably not forwarded from the reverse proxy)
- as the CSRF verification requires some JavaScript, we'll probably have to write some code to get the CSRF token
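To make the first requirement concrete, here is an added illustration (not Symfony's own implementation) of the same-origin check that a stateless CSRF scheme relies on, run over constructed header sets; it shows why a reverse proxy that drops Origin and Referer leaves the application unable to distinguish a legitimate POST from a cross-site one:

```php
<?php
declare(strict_types=1);

// Illustrative same-origin check, not Symfony's code.
// Returns null when the request is same-origin, otherwise a reason string.
function sameOriginFailureReason(string $expectedOrigin, array $headers): ?string
{
    $origin  = $headers['Origin'] ?? null;
    $referer = $headers['Referer'] ?? null;

    if ($origin === null && $referer === null) {
        // Behind a proxy that strips both headers, every POST ends here:
        // a strict check must reject, and the log line points at the proxy.
        return 'neither Origin nor Referer present (check reverse proxy forwarding)';
    }

    if ($origin !== null) {
        // Browsers send the literal string "null" for opaque origins
        // (sandboxed iframes, some redirects); it never matches and is rejected.
        return strcasecmp($origin, $expectedOrigin) === 0 ? null : "Origin mismatch: {$origin}";
    }

    // Fall back to Referer: compare scheme + host (+ non-default port) only.
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return "unparseable Referer: {$referer}";
    }
    $scheme = strtolower($parts['scheme']);
    $refOrigin = $scheme.'://'.strtolower($parts['host']);
    $default = $scheme === 'https' ? 443 : 80;
    if (isset($parts['port']) && $parts['port'] !== $default) {
        $refOrigin .= ':'.$parts['port'];
    }
    return strcasecmp($refOrigin, $expectedOrigin) === 0 ? null : "Referer mismatch: {$refOrigin}";
}

// Constructed sample requests as the application would see them.
$expected = 'https://app.example.com'; // the public origin, an assumed value
$samples = [
    'direct browser POST'           => ['Origin' => 'https://app.example.com'],
    'cross-site POST'               => ['Origin' => 'https://attacker.example'],
    'Referer only (Origin dropped)' => ['Referer' => 'https://app.example.com:443/account/settings'],
    'proxy strips both headers'     => [],
];
foreach ($samples as $label => $headers) {
    $reason = sameOriginFailureReason($expected, $headers);
    printf("%-32s %s\n", $label, $reason ?? 'same-origin OK');
}
```

The expected origin must be the public one: behind a reverse proxy the application only derives it correctly when the proxy is listed in Symfony's `framework.trusted_proxies` so that the X-Forwarded-* headers are honoured.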
The existing system works well, so we have no plan to migrate soon. However, this new system could improve the UX, as users shouldn't face the "The CSRF token is invalid" error anymore.
References: