Mention csrf trusted origin configuration in handbook

Probably also mention in changelog