Allow write-on-read for zip export requests

[Rotonen]

• Explicitly require plone4.csrffixes
  • This is required to get a new enough plone.protect for Plone <4.3
  • We need to pin plone.protect, plone.keyring and plone.locking
  • I am unsure as to how to do this the most correctly currently
• Explicitly disable Plone.protect for the zip export views

Fixes #38

[Rotonen]

Root of the issue:

1. Export a zip with invalid CSRF
2. Journal transaction gets rejected
3. Still receive your zip payload

There are many ways to go about this one.

[Rotonen]

The fix for this does not actually belong here. I will rather solve this in ftw.journal.