
Conversation


@Ankush-Pathak Ankush-Pathak commented Oct 8, 2025

Thank you for contributing to Harbor!

Comprehensive Summary of your change

github.com/gorilla/csrf is now out of maintenance[0][1].
Harbor is currently vulnerable to CVE-2025-47909 through github.com/gorilla/csrf.
filippo.io/csrf/gorilla is a drop-in replacement that remediates CVE-2025-47909.

[0]: https://github.com/orgs/gorilla/discussions/44
[1]: https://words.filippo.io/last-resort/

Issue being fixed

No issue filed

Please indicate you've done the following:

  • Well Written Title and Summary of the PR
  • Label the PR as needed. "release-note/ignore-for-release, release-note/new-feature, release-note/update, release-note/enhancement, release-note/community, release-note/breaking-change, release-note/docs, release-note/infra, release-note/deprecation"
  • Accepted the DCO. Commits without the DCO will delay acceptance.
  • Made sure tests are passing and test coverage is added if needed.
  • Considered the docs impact and opened a new docs issue or PR with docs changes if needed in website repository.
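The description above says the swap is a drop-in replacement. As an added example (not part of this PR or of Harbor's code), the script below performs that swap on any Go module: it rewrites every import of github.com/gorilla/csrf to filippo.io/csrf/gorilla, preserving an existing import alias and otherwise binding the new package under the alias csrf so call sites such as csrf.Protect(...) and csrf.Token(r) are untouched, then (in migrate_csrf, which needs network access) pulls the module, tidies go.mod and checks that no reference to the old module is left. The module-root argument, the function names and the exclusion of a vendor/ directory are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Harbor's own tooling: move a Go module from the
# unmaintained github.com/gorilla/csrf to filippo.io/csrf/gorilla.
# Assumes Go sources import the old package either as
#   import "github.com/gorilla/csrf"      /  import alias "github.com/gorilla/csrf"
# or in the same two forms inside an import ( ... ) block.

# Rewrite the import path in one file. When the original import had no
# alias, the replacement is imported as `csrf` so existing call sites keep
# compiling whatever package name the replacement declares; an existing
# alias (e.g. gcsrf) is kept. A temp file plus mv avoids the non-portable
# `sed -i`.
rewrite_csrf_import() {
    f=$1
    tmp=$(mktemp) || return 1
    sed \
        -e 's#^\([[:space:]]*import[[:space:]]\{1,\}\)"github\.com/gorilla/csrf"#\1csrf "filippo.io/csrf/gorilla"#' \
        -e 's#\([A-Za-z_][A-Za-z0-9_]*[[:space:]]\{1,\}\)"github\.com/gorilla/csrf"#\1"filippo.io/csrf/gorilla"#' \
        -e 's#^\([[:space:]]*\)"github\.com/gorilla/csrf"#\1csrf "filippo.io/csrf/gorilla"#' \
        "$f" > "$tmp" && mv "$tmp" "$f"
}

# Rewrite every non-vendored Go file under the module root $1 that still
# references the old module.
rewrite_csrf_imports() {
    dir=$1
    find "$dir" -type f -name '*.go' ! -path '*/vendor/*' | while IFS= read -r f; do
        if grep -q 'github\.com/gorilla/csrf' "$f"; then
            rewrite_csrf_import "$f" || exit 1
        fi
    done
}

# Print each Go source or go.mod under $1 that still mentions the old module
# (empty output means the migration is complete).
gorilla_csrf_remaining() {
    dir=$1
    find "$dir" -type f \( -name '*.go' -o -name 'go.mod' \) ! -path '*/vendor/*' \
        -exec grep -l 'github\.com/gorilla/csrf' {} + 2>/dev/null
}

# Full migration of the module rooted at $1. `go get` fetches the replacement,
# `go mod tidy` drops the old requirement from go.mod/go.sum, and the build
# confirms the alias kept every call site compiling. Needs network access.
migrate_csrf() {
    dir=$1
    rewrite_csrf_imports "$dir" || return 1
    ( cd "$dir" && go get filippo.io/csrf/gorilla && go mod tidy && go build ./... ) || return 1
    left=$(gorilla_csrf_remaining "$dir")
    if [ -n "$left" ]; then
        printf 'github.com/gorilla/csrf is still referenced in:\n%s\n' "$left" >&2
        return 1
    fi
    # `go list -m all` should no longer list github.com/gorilla/csrf at this point.
    ( cd "$dir" && go list -m all ) | grep -q 'github.com/gorilla/csrf' && return 1
    return 0
}
```

Run it as `migrate_csrf /path/to/module`, then re-run whatever vulnerability scanner flagged CVE-2025-47909 to confirm the finding is gone; because the old import is gone from go.mod after `go mod tidy`, the scanner no longer sees the module in the build list.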


codecov bot commented Oct 8, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 46.53%. Comparing base (c8c11b4) to head (e5dcb2a).
⚠️ Report is 573 commits behind head on main.

@@            Coverage Diff             @@
##             main   #22433      +/-   ##
==========================================
+ Coverage   45.36%   46.53%   +1.16%     
==========================================
  Files         244      252       +8     
  Lines       13333    14255     +922     
  Branches     2719     2927     +208     
==========================================
+ Hits         6049     6634     +585     
- Misses       6983     7266     +283     
- Partials      301      355      +54     
Flag        Coverage Δ
unittests   46.53% <ø> (+1.16%) ⬆️

see 178 files with indirect coverage changes


github.com/gorilla/csrf is now out of maintenance[0][1].
filippo.io/csrf/gorilla is a drop-in replacement that remediates CVE-2025-47909[2].

[0]: https://github.com/orgs/gorilla/discussions/44
[1]: https://words.filippo.io/last-resort/
[2]: https://nvd.nist.gov/vuln/detail/CVE-2025-47909

Signed-off-by: Ankush Pathak <[email protected]>
@Ankush-Pathak Ankush-Pathak reopened this Oct 8, 2025
@Ankush-Pathak Ankush-Pathak marked this pull request as ready for review October 8, 2025 15:09
@Ankush-Pathak Ankush-Pathak requested a review from a team as a code owner October 8, 2025 15:09
@Ankush-Pathak
Author

I'm not able to add labels to the PR. Could someone add release-note/update to this PR?

@Ankush-Pathak
Author

Some of the unit tests are failing locally with "[FATAL] [/common/utils/test/database.go:33]: environment variable POSTGRESQL_HOST is not set"; I'm figuring out my environment to fix that. Other than that they look good.

@stonezdj stonezdj requested a review from MinerYang October 13, 2025 09:14

4 participants