[FEATURE] Provide flag for disabling link protection in UriBuilder
This introduces a new flag for the UriBuilder which allows to configure
if a link built by the UriBuilder may be modified by some security
mechanism or not. FLOW3's CSRF protection mechanism now considers this
By disabling link protection, it is now possible on a per-link basis,
to generate a link without CSRF protection tokens for cases when it's
clear that links are public.
This patch also removes the CSRF protection of links used in ExtDirect
services. This needs to be re-implemented in the ExtJS package.