Add back xsrf and csrf protection to Jupyter

[ericfranz]

We disabled it for an immediate fix to connecting to Jupyter as we launch using https://github.com/OSC/bc_osc_jupyter/blob/master/connection.html.mustache

The error actually said that the POST was missing _xsrf. So I think we could actually set a hidden field _xsrf with the proper value and it would work. Since we are starting the server, its possible we would know this ahead of time. However, implementing #8 would be another option and then we could just reenable the xsrf/csrf protection because we wouldn't be using POST via a form anymore from vncsim.