Umbraco-CMS
Adds a parameter to BeginUmbracoForm to allow the disabling of the creation of an antiforgery token.
The request that led to this PR came up on Forms, where we've historically allowed people to disable the antiforgery token check that is otherwise included by default. There are apparently reasons why people want or need to do this (forms in IFRAMEs is one I understand).
With Forms whilst we disable the check, we still render the antiforgery token with the form, which creates a cookie. The request we got was to remove this as it's unnecessary and people want to keep the number of cookies they issue and need to justify to a minimum.
For Forms 8 we can just omit the `@Html.AntiforgeryToken` from the partial view. But we don't have that option for 9+ as it's added automatically when using `Html.BeginUmbracoForm`.
Microsoft's `Html.BeginForm` does have a parameter to do this, so I've used the same name and type to add it to `Html.BeginUmbracoForm`. I've added a couple of further overloads to allow providing this.
If the value for the `antiforgery` parameter is set to `true`, then the anti-forgery token won't be output in the HTML mark-up.
If we can get this in Umbraco 10 or 11 we'll be able to make use of it in Forms 11+.
To Test:
- Create a form that posts to a surface controller, e.g.:

```cshtml
@using MyNamespace
@model MyNamespace.ContactFormViewModel
@using (Html.BeginUmbracoForm<ContactFormController>(nameof(ContactFormController.Submit)))
{
    <div>
        <label asp-for="Message"></label>
        <textarea asp-for="Message"></textarea>
    </div>
    <br/>
    <input type="submit" name="Submit" value="Submit" />
}
```
```csharp
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Core.Cache;
using Umbraco.Cms.Core.Logging;
using Umbraco.Cms.Core.Routing;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Core.Web;
using Umbraco.Cms.Infrastructure.Persistence;
using Umbraco.Cms.Web.Website.Controllers;

namespace MyNamespace
{
    public class ContactFormViewModel
    {
        public string Message { get; set; } = string.Empty;
    }

    public class ContactFormController : SurfaceController
    {
        public ContactFormController(
            IUmbracoContextAccessor umbracoContextAccessor,
            IUmbracoDatabaseFactory databaseFactory,
            ServiceContext services,
            AppCaches appCaches,
            IProfilingLogger profilingLogger,
            IPublishedUrlProvider publishedUrlProvider)
            : base(umbracoContextAccessor, databaseFactory, services, appCaches, profilingLogger, publishedUrlProvider)
        { }

        // The antiforgery token check runs on this POST by default, so a form
        // rendered without the token will be rejected unless the check is disabled.
        [HttpPost]
        public IActionResult Submit(ContactFormViewModel model)
        {
            if (!ModelState.IsValid)
            {
                // Re-render the current page so validation errors are shown.
                return CurrentUmbracoPage();
            }

            // Post/redirect/get back to the current page on success.
            return RedirectToCurrentUmbracoPage();
        }
    }
}
```
- Check you can submit the form.
- Replace the `BeginUmbracoForm` line in the partial with:

```cshtml
@using (Html.BeginUmbracoForm<ContactFormController>(nameof(ContactFormController.Submit), FormMethod.Post, antiforgery: false))
```

- View source and confirm that the antiforgery token isn't rendered.
- Submit the form and confirm that you get an error (as the antiforgery token check will fail).
- Add the `[IgnoreAntiforgeryToken]` attribute to the controller's action method, and confirm you can now submit the form.