Commit 8e19e05

Fix /!/nocache and /!/csrf CSRF exemption on Laravel 13
Laravel 13 renamed the CSRF middleware from ValidateCsrfToken to Illuminate\Foundation\Http\Middleware\PreventRequestForgery. The legacy VerifyCsrfToken and ValidateCsrfToken classes are now @deprecated subclasses of PreventRequestForgery.

The route exemptions here use withoutMiddleware([VerifyCsrfToken]), and Laravel's Router::resolveMiddleware excludes via ReflectionClass::isSubclassOf — but PreventRequestForgery is the *parent* of the listed classes, not a subclass, so the check returns false and the exemption is a no-op. The CSRF check fires on the unauthenticated POST and Laravel throws TokenMismatchException, so the client-side nocache bootstrap cannot hydrate regions under full static caching, and /!/csrf cannot refresh the token either.

Adding PreventRequestForgery to both lists fixes Laravel 13 while keeping the existing entries for Laravel 10-12 compatibility via the deprecated aliases.
1 parent d5fb7ed commit 8e19e05
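
The direction of the subclass check described in the commit message, modelled as an added example (not code from this commit or from Laravel). The three classes are empty stand-ins for the hierarchy the message describes, and `isExcluded` is a hypothetical helper that assumes the rule is "same name, or subclass of an excluded name".

```php
<?php
// Stand-ins for the hierarchy described in the commit message (assumption:
// empty classes, global namespace; these are not Laravel's real classes).
class PreventRequestForgery {}
/** @deprecated */
class ValidateCsrfToken extends PreventRequestForgery {}
/** @deprecated */
class VerifyCsrfToken extends PreventRequestForgery {}

/**
 * Hypothetical model of the exclusion rule: a middleware in the stack is
 * dropped when it is one of the excluded names or a subclass of one.
 */
function isExcluded(string $middleware, array $excluded): bool
{
    foreach ($excluded as $name) {
        if ($middleware === $name) {
            return true;
        }
        // isSubclassOf() throws for unknown classes, so skip names that do
        // not exist (for example an App\ middleware the project never defined).
        if (!class_exists($name)) {
            continue;
        }
        if ((new ReflectionClass($middleware))->isSubclassOf($name)) {
            return true;
        }
    }
    return false;
}

// Exemption lists shaped like the two sides of the diff (constructed values).
$before = ['App\Http\Middleware\VerifyCsrfToken', VerifyCsrfToken::class];
$after  = [...$before, PreventRequestForgery::class];

$cases = [
    'parent in stack, old list'     => [PreventRequestForgery::class, $before],
    'parent in stack, new list'     => [PreventRequestForgery::class, $after],
    'deprecated subclass, old list' => [VerifyCsrfToken::class, $before],
    'deprecated subclass, new list' => [ValidateCsrfToken::class, $after],
];

foreach ($cases as $label => [$middleware, $list]) {
    printf("%-30s %s\n", $label, isExcluded($middleware, $list) ? 'excluded' : 'still runs');
}
```

Only the first case leaves the CSRF middleware in place: a parent class is never a subclass of its own children, so listing the deprecated names cannot exclude it.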

1 file changed

Lines changed: 2 additions & 2 deletions

routes/web.php

@@ -98,11 +98,11 @@
9898

9999
Route::post('nocache', NoCacheController::class)
100100
->middleware(NoCacheLocalize::class)
101-
->withoutMiddleware(['App\Http\Middleware\VerifyCsrfToken', 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken'])
101+
->withoutMiddleware(['App\Http\Middleware\VerifyCsrfToken', 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken', 'Illuminate\Foundation\Http\Middleware\PreventRequestForgery'])
102102
->name('nocache');
103103

104104
Route::post('csrf', CsrfTokenController::class)
105-
->withoutMiddleware(['App\Http\Middleware\VerifyCsrfToken', 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken']);
105+
->withoutMiddleware(['App\Http\Middleware\VerifyCsrfToken', 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken', 'Illuminate\Foundation\Http\Middleware\PreventRequestForgery']);
106106

107107
Statamic::additionalActionRoutes();
108108
});
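
Review bot: the three-class exemption list added on the `nocache` route (new line 101) is repeated verbatim on the `csrf` route (new line 105), so the next middleware rename has to be applied in two places to keep both exemptions working. Consider defining the list once above both routes and passing that variable to each `withoutMiddleware()` call. Because the entries are string literals and, per the commit message, a non-matching entry makes the exemption a silent no-op, a regression test that POSTs to both routes without a token and expects no TokenMismatchException would catch this class of breakage on future Laravel upgrades. A short comment next to the list explaining why the deprecated names are kept (Laravel 10-12) would also help whoever prunes it later.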
