coreruleset / nextcloud-rule-exclusions-plugin

Rule exclusion plugin for Nextcloud
Apache License 2.0

Fix FP when logging in, Nextcloud Text app and when adding custom CSS code #26

Closed EsadCetiner closed 1 year ago

EsadCetiner commented 1 year ago

This PR fixes a few false positives

  1. Rules for fixing false positives when logging in, changing passwords, logging out, etc. assume the Nextcloud instance is not using pretty URLs. I've removed `/index.php`, which should work for Nextcloud instances that both are and aren't using pretty URLs.
  2. Fix a few additional false positives with the Nextcloud Text app, including when accessing the Nextcloud Text app via a public share.
  3. Fix false positives when adding custom CSS code via the Nextcloud Custom CSS app.

I've done `ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS` for 9508128 and 9508129 since the parameter keeps on changing; it can vary from `ARGS:json.steps.array_0.slice.content.array_0.content.array_0.text` to `ARGS:json.steps.array_100.slice.content.array_0.content.array_0.text`.
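As an added illustration of the two exclusion styles discussed in this PR, written in ModSecurity rule language (this is not a rule from the plugin itself; the rule ids 9599001 and 9599002 and the `/apps/text/` path prefix are assumptions, while 9508128 and 9508129 are the ids named above):

```apache
# Added illustration, not a rule from the plugin. The rule ids 9599001/9599002
# and the /apps/text/ path prefix are hypothetical; 9508128/9508129 are the
# ids named in the PR. The two rules are alternatives, not meant to be loaded
# together.

# Narrow form: only the one named argument is excluded. The same text posted
# under steps.array_1 (or array_100) is still inspected by every CRS rule,
# which is why a per-parameter exclusion cannot keep up with this payload.
SecRule REQUEST_FILENAME "@rx ^/(?:index\.php/)?apps/text/" \
    "id:9599001,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.steps.array_0.slice.content.array_0.content.array_0.text"

# Broad form, the approach the PR takes for 9508128/9508129: remove the whole
# ARGS collection from every rule tagged OWASP_CRS, but only for requests to
# the Text app, so the rest of the site keeps full inspection. The optional
# index.php/ prefix matches instances with and without pretty URLs (point 1).
SecRule REQUEST_FILENAME "@rx ^/(?:index\.php/)?apps/text/" \
    "id:9599002,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS"
```

Because the broad form removes `ARGS` from every CRS rule for the matching request, the `REQUEST_FILENAME` condition is what keeps the exclusion from turning off argument inspection site-wide; tightening that pattern to the exact endpoint, or chaining a check on `REQUEST_METHOD`, is the lever for limiting how much traffic goes uninspected.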

azurit commented 1 year ago

Hi @EsadCetiner! Thank you for this PR. Can you explain why it is needed to completely disable CRS in all of the new rules?

EsadCetiner commented 1 year ago

@azurit CRS is disabled for some parameters and locations since the input can be anything. A few examples would be code blocks that contain SQL commands inside the Text app, or custom CSS code for the Custom CSS app. CRS does not work well for a use case like this.

azurit commented 1 year ago

Thank you, merging!