Add csrf_token template tag

[joshuadavidthomas]

Wasn't sure how to handle the settings.DEBUG here:

        else:
            # It's very probable that the token is missing because of
            # misconfiguration, so we raise a warning
            if settings.DEBUG:
                warnings.warn(
                    "A {% csrf_token %} was used in a template, but the context "
                    "did not provide the value. This is usually caused by not "
                    "using RequestContext."
                )
            return ""

https://github.com/django/django/blob/e183d6c26c8da4486c151f9ce973828e2404a796/django/template/defaulttags.py#L86-L95

Ended up importing django.conf.settings directly following the pattern of other Django imports in the codebase. Let me know if you want to take a different approach.

[codecov]

Codecov Report

❌ Patch coverage is 92.38095% with 8 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
src/render/tags.rs	61.90%	1 Missing and 7 partials ⚠️

📢 Thoughts on this report? Let us know!

[LilyFirefly]

Thanks for making a start on this!

I think the biggest thing we need is to integrate with context_processors, so the csrf processor can add csrf_token to the context. Some of this is implemented for Engine, but it needs integration in Template::render.

I'm also wondering if I've prematurely optimised Context, so if the structure there is painfully different to how Django does it, we can refactor to be more similar and reconsider optimisation later when we have benchmarks.

[LilyFirefly]

I think the main tests should add csrf_token via the context processor.

This means these tests will need some refactoring to ensure the context processors are run for both Python and Rust engines.

We should also have extra tests that also set it explicitly like this.