Closed
Description
Attempting to access a jwt_required endpoint with CSRF enabled and allowing JWTs in headers or cookies results in the CSRF errors getting silently eaten. This happens because it is raising a NoAuthorizationError for invalid CSRF, and this is the same error we are ignoring and later re-throwing if checking for the JWT in both cookies and headers.
Solution should be simple: add a new CSRF error. Only question is whether this CSRF error should be handled by the same unauthorized_loader callback, or whether we should have a new callback specific to CSRF errors. For now, I'm thinking the former makes the most sense.
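As an added illustration of the swallowing described above (example code written here, not flask-jwt-extended's own; the names NoAuthorizationError, CSRFError, _from_headers, _from_cookies, decode_from_request, classify and the two request dicts are assumed stand-ins for the library's internals), the following models the location loop with plain Python. With csrf_as_noauth=True the CSRF mismatch is raised as NoAuthorizationError, the loop treats it like "no token here, try the next location", and the caller only ever sees the generic "Missing JWT" error; with csrf_as_noauth=False a distinct CSRFError escapes the loop intact.

```python
import hmac
from typing import Dict, Sequence

# Added example, not flask-jwt-extended code. All names are hypothetical.
Request = Dict[str, Dict[str, str]]


class NoAuthorizationError(Exception):
    """No usable JWT found in the location being checked."""


class CSRFError(Exception):
    """A JWT was found in a cookie but the CSRF double-submit check failed.

    Deliberately not a subclass of NoAuthorizationError: the location loop
    below catches NoAuthorizationError, so a subclass would be swallowed too.
    """


def _from_headers(req: Request) -> str:
    auth = req["headers"].get("Authorization", "")
    if not auth.startswith("Bearer "):
        raise NoAuthorizationError("Missing Authorization header")
    return auth[len("Bearer "):]


def _from_cookies(req: Request, csrf_as_noauth: bool) -> str:
    token = req["cookies"].get("access_token_cookie")
    if token is None:
        raise NoAuthorizationError("Missing cookie access_token_cookie")
    # Double-submit check: the CSRF value bound to the cookie must match the header.
    expected = req["cookies"].get("csrf_access_token", "")
    got = req["headers"].get("X-CSRF-TOKEN", "")
    if not hmac.compare_digest(expected.encode(), got.encode()):
        msg = "CSRF double submit tokens do not match"
        if csrf_as_noauth:       # the behaviour the issue reports
            raise NoAuthorizationError(msg)
        raise CSRFError(msg)     # the proposed fix: a distinct error type
    return token


def decode_from_request(req: Request, locations: Sequence[str], csrf_as_noauth: bool) -> str:
    """Try each configured location in order. NoAuthorizationError from one
    location is ignored so the next can be tried; if none succeeds, a single
    generic error is raised, which is where a CSRF failure gets eaten."""
    getters = {"headers": lambda: _from_headers(req),
               "cookies": lambda: _from_cookies(req, csrf_as_noauth)}
    for loc in locations:
        try:
            return getters[loc]()
        except NoAuthorizationError:
            continue
    raise NoAuthorizationError("Missing JWT in " + ", ".join(locations))


def classify(req: Request, locations: Sequence[str], csrf_as_noauth: bool) -> str:
    """What the error callbacks would see: 'ok', 'csrf:<msg>' or 'noauth:<msg>'."""
    try:
        decode_from_request(req, locations, csrf_as_noauth)
        return "ok"
    except CSRFError as e:
        return "csrf:" + str(e)
    except NoAuthorizationError as e:
        return "noauth:" + str(e)


# Constructed requests: no Authorization header, JWT in a cookie, and a CSRF
# header that is mismatched (BAD) or matching (GOOD). Token values are placeholders.
BAD_CSRF_REQUEST: Request = {
    "headers": {"X-CSRF-TOKEN": "wrong-value"},
    "cookies": {"access_token_cookie": "eyJ.placeholder.jwt",
                "csrf_access_token": "expected-csrf-value"},
}
GOOD_REQUEST: Request = {
    "headers": {"X-CSRF-TOKEN": "expected-csrf-value"},
    "cookies": {"access_token_cookie": "eyJ.placeholder.jwt",
                "csrf_access_token": "expected-csrf-value"},
}
LOCATIONS = ("headers", "cookies")

if __name__ == "__main__":
    print(classify(BAD_CSRF_REQUEST, LOCATIONS, csrf_as_noauth=True))   # noauth:Missing JWT in headers, cookies
    print(classify(BAD_CSRF_REQUEST, LOCATIONS, csrf_as_noauth=False))  # csrf:CSRF double submit tokens do not match
    print(classify(GOOD_REQUEST, LOCATIONS, csrf_as_noauth=False))      # ok
```

The design point this makes is that the new error must not inherit from NoAuthorizationError, or the `except NoAuthorizationError` in the location loop keeps swallowing it. Whether one unauthorized_loader handles both types or a separate CSRF callback is added is then a choice made where the errors are dispatched (the classify function here), not inside the loop.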