ExpressionEngine
Automatically prolong CSRF token lifetime in forms
This PR adds JS code that pings an EE Action URL every hour to extend the form lifetime.
For guests, it will be extending the exp_csrf_token cookie. For logged-in members, it will be extending the session lifetime (the token lives as long as the session lives).
With a session lifetime of 2 hours, that means that if they leave the page with the form open and the computer stays active, the form will still be valid to submit if they come back after 2 hours. If, however, the computer goes to sleep for 2 hours, the session/token will already be dead and they will need to reload the page (we could also send back the token and auto-inject it into the forms, but I'd like to get an initial review first).
The potential side effect (not tested though) is that they will probably not get logged out after 2h of inactivity, because there will be activity from the AJAX calls.
The code will be automatically injected into pages that contain any form, unless the disable_csrf_protection or disable_csrf_refresh config override is set.
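As an added illustration of the keepalive described in this PR (this is example code, not the PR's or ExpressionEngine's), a browser-side scheduler that pings an action URL hourly, but only while a form is present, the tab is visible, and the user has done something since the last ping, which addresses the idle-logout side effect noted above. The action URL, the state field names and the injected `fetchFn`/`now` parameters are this example's own assumptions.

```javascript
// Added example, not ExpressionEngine's code: a CSRF keepalive that pings an
// action URL once an hour, but only while a form is on the page, the tab is
// visible, and the user has done something since the last ping. Gating on real
// activity means the ping itself never keeps an idle member logged in.
const HOUR_MS = 60 * 60 * 1000;

// Pure decision on a state snapshot so it can be unit-tested without a browser.
// Field names are this example's own; the two disable* flags mirror the
// disable_csrf_protection / disable_csrf_refresh config overrides.
function shouldPing(state) {
  if (state.disableCsrfProtection || state.disableCsrfRefresh) return false;
  if (state.formCount === 0) return false;        // nothing to keep alive
  if (!state.visible) return false;               // hidden tab or sleeping machine
  return state.lastUserActivity > state.lastPing; // idle since last ping: let it expire
}

// actionUrl is a placeholder; fetchFn and now are injected for testability.
function createKeepalive({ actionUrl, fetchFn, now }) {
  let lastPing = now();
  let lastUserActivity = now();
  let pings = 0;
  return {
    noteActivity() { lastUserActivity = now(); },
    // Resolves true if a ping was sent and accepted, false otherwise. A non-OK
    // response means the token/session is already dead and the page must reload.
    async tick(pageState) {
      if (!shouldPing({ ...pageState, lastPing, lastUserActivity })) return false;
      const res = await fetchFn(actionUrl, { method: 'POST', credentials: 'same-origin' });
      if (!res.ok) return false;
      lastPing = now();
      pings += 1;
      return true;
    },
    pingCount() { return pings; },
  };
}

// Browser wiring (skipped under Node): only installed when the page has a form.
if (typeof document !== 'undefined' && document.querySelector('form')) {
  const ka = createKeepalive({ actionUrl: 'ACTION_URL_PLACEHOLDER', fetchFn: fetch, now: Date.now });
  ['keydown', 'pointerdown', 'input'].forEach(ev => document.addEventListener(ev, () => ka.noteActivity()));
  setInterval(() => ka.tick({
    formCount: document.querySelectorAll('form').length,
    visible: document.visibilityState === 'visible',
    disableCsrfProtection: false, disableCsrfRefresh: false, // would come from server config
  }), HOUR_MS);
}
```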