Forms: Deprecate `local:` and `remote:` options

[seanpdoyle]

Motivation / Background

There are two two parts to interpreting the form_for helper's remote: option, and the form_with helper's local: option:

1. The [data-remote] attribute:

   When remote: true or local: false, Action View generates <form> elements with [data-remote="true"]. When passed remote: false or local: true, the [data-remote] attribute is omitted.

   Omitting the options is equivalent to remote: true and local: false.

2. CSRF tokens

   When remote: true or local: false, Action view generates <form> elements without any CSRF tokens encoded as <input type="hidden"> elements.

   When remote: false or local: true, Action view generates <form> elements with an embedded CSRF token either generated on the fly, or forwarded along from the form helper method's authenticity_token: option.

   When omitted, their default values are handled by two similar configuration values:

   • config.action_view.embed_authenticity_token_in_remote_forms for form_for and its remote: option

   • config.action_view.form_with_generates_remote_forms for form_with and its local: option

Detail

This commit renders deprecation warnings when local: or remote: options are passed to form_with and form_for, respectively. Also deprecate config.action_view.embed_authenticity_token_in_remote_forms and config.action_view.form_with_generates_remote_forms configurations.

Checklist

Before submitting the PR make sure the following are checked:

• [x] This Pull Request is related to one change. Changes that are unrelated should be opened in separate PRs.
• [x] Commit message has a detailed description of what changed and why. If this PR fixes a related issue include it in the commit message. Ex: [Fix #issue-number]
• [x] Tests are added or updated if you fix a bug or add a feature.
• [x] CHANGELOG files are updated for the changed libraries if there is a behavior change or additional feature. Minor bug fixes and documentation changes should not be included.