Fix bug when CSRF token does not appear in a form

[adisloom]

This fixes a bug when csrf_token value appears empty in a form in the case when a schema has been created before creating a session factory, i.e. ..input type="hidden" name="csrf_token" value="" id=.... Also, calling the function deferred_csrf_value() directly produced an error message "No session factory registered (see the Sessions chapter of the Pyramid documentation)". My fix calls the safe function get_csrf_token() which always returns a token, creates it if neccessary.

[adisloom]

The test fails because it uses DummyReqest. Real request works fine.

[stevepiercy]

@adisloom thank you for your pull request. However I cannot accept it because Deform does not require Pyramid, and this PR would make it a requirement. Pyramid is used only for running tests.