remove CSRF requirement

Keycloak 25 requires us to disable cookie usage in the scim plugin, we are only using cookies because of the CSRF protection in the ipa-tuura middleware settings.py https://docs.djangoproject.com/en/5.1/ref/csrf/  - CSRF protection should not be used for REST APIs (CORS is an alternative if needed).