Sleep SafeRelease Notes

New: Added override hook to SleepSafeMiddleware to optionally exempt HTTP requests from being guarded.
New: CsrfTokenGuard.validateToken() to manually validate a CSRF token.
New: CSRF token timestamp is placed in HttpRequest.stash["afSleepSafe.csrf.tokenTs"] upon verification.
Chg: SameOriginGuard is disabled by default as the preferred Referrer-Policy header may interfer with it.
Chg: CSP report function now also prints out the User-Agent header.