Improve documentation around CSRF
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] This issue affects my Ory Cloud project.
- [X] I have joined the Ory Community Slack.
- [X] I am signed up to the Ory Security Patch Newsletter.
Describe your problem
The current CSRF documentation in the Kratos section only describes that anti-CSRF measures are used and lists some "common pitfalls". While these are useful, there is little to no context describing what CSRF is and how Kratos protects against it. For users unfamiliar with CSRF and its countermeasures, this can be quite confusing, and they would need to Google for alternative documentation to fully understand the topic.
Describe your ideal solution
Ideally, we would describe the whole anti-CSRF logic in all flows: how it is implemented and its implications for all sorts of use cases.
That is probably not feasible, so at the very least we should add a section that references some state-of-the-art documentation, for example https://owasp.org/www-community/attacks/csrf or others.
Workarounds or alternatives
Google your way to some documentation on what CSRF is and how to prevent it.
Version
Additional Context
No response