feat: Disable CSRF check for "/c/oidc/onboard" API for authenticating and Onboarding a User via API from Custom CLI

[Rajpratik71]

Thank you for contributing to Harbor!

Comprehensive Summary of your change

Issue being fixed

Fixes #16966

Please indicate you've done the following:

• [*] Well Written Title and Summary of the PR
• [*] Label the PR as needed. "release-note/ignore-for-release, release-note/new-feature, release-note/update, release-note/enhancement, release-note/community, release-note/breaking-change, release-note/docs, release-note/infra, release-note/deprecation"
• [*] Accepted the DCO. Commits without the DCO will delay acceptance.
• [*] Made sure tests are passing and test coverage is added if needed.
• [*] Considered the docs impact and opened a new docs issue or PR with docs changes if needed in website repository.

Signed-off-by: Pratik Raj rajpratik71@gmail.com

[AllForNothing]

@Rajpratik71 Please run git commit --amend -s to signoff to pass the DCO check

[Vad1mo]

makes sense, as onboarding is called directly without prior get

[codecov]

Codecov Report

Merging #16967 (86789da) into main (b8a71ac) will decrease coverage by 23.49%.
The diff coverage is n/a.

@@             Coverage Diff             @@
##             main   #16967       +/-   ##
===========================================
- Coverage   67.15%   43.65%   -23.50%     
===========================================
  Files         974      234      -740     
  Lines       81555    12858    -68697     
  Branches     2599     2599               
===========================================
- Hits        54767     5613    -49154     
+ Misses      23057     6938    -16119     
+ Partials     3731      307     -3424     

Flag	Coverage Δ
unittests	43.65% <ø> (-23.50%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...audit-log-purge/history/purge-history.component.ts	49.01% <0.00%> (-9.81%)	⬇️
src/server/middleware/csrf/csrf.go
src/lib/errors/const.go
src/pkg/notifier/notifier.go
src/pkg/proxy/secret/manager.go
src/server/middleware/log/log.go
src/common/models/oidc_user.go
src/pkg/exporter/harbor_cli.go
src/lib/endpoint.go
src/core/auth/oidc/oidc.go
... and 735 more

[Rajpratik71]

@AllForNothing @Vad1mo #16969 can be taken as final clean commit.

Let the all tests run here.

Don't pushed here to keep the tests running

[Rajpratik71]

Also @AllForNothing @Vad1mo

Can we cherry-pick this fix to older release of Harbor

[Rajpratik71]

@reasonerjt requesting review

[Vad1mo]

duplicate