Fixes T11480. This cleans up the error logs a little by quieting three common errors which are really malformed requests:
- The CSRF error happens when bots hit anything which does write checks.
- The "wrong cookie domain" errors happen when bots try to use the security.alternate-file-domain to browse stuff like /auth/start/.
- The "no phcid" errors happen when bots try to go through the login flow.
All of these are clearly communicated to human users, commonly encountered by bots, and not useful to log.
I collapsed the CSRFException type into a standard malformed request exception, since nothing catches it and I can't really come up with a reason why anything would ever care.