feat: csrf support referer type

[whxaxes]

Checklist

• [x] npm test passes
• [x] tests and/or benchmarks are included
• [x] documentation is changed or added
• [x] commit message follows commit guidelines

Affected core subsystem(s)

Description of change

目前 csrf 仅支持 ctoken 校验，但是在某些场景 cookie 有可能存在丢失的情况，所以加上 referer 的校验可作为第二选择。

[codecov[bot]]

Codecov Report

Merging #56 into master will increase coverage by 0.21%. The diff coverage is 100%.

@@            Coverage Diff             @@
##           master      #56      +/-   ##
==========================================
+ Coverage   96.13%   96.35%   +0.21%     
==========================================
  Files          30       30              
  Lines         492      521      +29     
==========================================
+ Hits          473      502      +29     
  Misses         19       19

Impacted Files	Coverage Δ
config/config.default.js	100% <ø> (ø)	:arrow_up:
lib/middlewares/csrf.js	100% <100%> (ø)	:arrow_up:
app.js	100% <100%> (ø)	:arrow_up:
app/extend/context.js	100% <100%> (ø)	:arrow_up:
lib/utils.js	84.61% <100%> (+1.51%)	:arrow_up:

---

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 1890644...e464d7d. Read the comment docs.

[whxaxes]

其他人也看看？

[perzy]

cool !

[whxaxes]

没其他问题我就合了

[whxaxes]

2.6.0

[whxaxes]

有问题，先改 dist-tag 了，我发个 patch 修复一下

[whxaxes]

https://github.com/eggjs/egg-security/pull/58