Implement CSRF protection on the authentication flow
Due to the recent 'discord virus', better known as a phishing site that hijacked accounts, I think it would be a good idea to implement this.
They claim that because there was no CSRF protections (headers or CSRF tokens), they were able to authenticate and bypass the IP detection.
I find it interesting how such prevention methods are documented for the OAuth system, but haven't been implemented for Discord's own authentication flow.
Further, CSRF is prevented on the main site, but not the login endpoint???
This is specifically referring to https://discordapp.com/api/v6/auth/login
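What the post asks for, as an added illustration that is not Discord's code: a login endpoint can reject cross-site POSTs by checking the Origin/Referer header against the site that legitimately hosts the login form, and by requiring a CSRF token that is bound to a pre-authentication session cookie and echoed back in a request header (a browser will not attach a custom header or the token value to a form post launched from another origin). The key, the allowed origin, the cookie name `pre_auth_session` and the header name `X-CSRF-Token` are assumptions for the example.

```python
import hashlib
import hmac
from typing import Dict, Tuple
from urllib.parse import urlparse

# Constructed values for the example; a real deployment keeps the key in a secret store.
SERVER_KEY = b"example-server-key-replace-in-production"
# The only origin that may submit the login form (assumption for the example).
ALLOWED_ORIGINS = {"https://discordapp.com"}


def issue_csrf_token(session_id: str) -> str:
    """Derive a per-session CSRF token as HMAC(server_key, session_id).

    The server sets the pre-auth session cookie when the login page is served and
    embeds this token in the page; the client sends it back in X-CSRF-Token.
    Binding the token to the session means a token from one session cannot be
    replayed against another.
    """
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def origin_allowed(headers: Dict[str, str]) -> bool:
    """Accept the request only if Origin (or, failing that, Referer) is ours.

    A request carrying neither header is rejected rather than waved through,
    since a forged cross-site form post can arrive with both stripped.
    """
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parsed = urlparse(referer)
        origin = f"{parsed.scheme}://{parsed.netloc}"
    return origin in ALLOWED_ORIGINS


def login_request_allowed(headers: Dict[str, str], cookies: Dict[str, str]) -> Tuple[bool, str]:
    """Decide whether a POST to the login endpoint passes CSRF checks.

    Returns (allowed, reason) so the caller can log the rejection reason.
    """
    if not origin_allowed(headers):
        return False, "origin not allowed"
    session_id = cookies.get("pre_auth_session")
    if not session_id:
        return False, "no pre-auth session"
    expected = issue_csrf_token(session_id)
    presented = headers.get("X-CSRF-Token", "")
    # Constant-time comparison so the check does not leak the token byte by byte.
    if not hmac.compare_digest(expected, presented):
        return False, "csrf token mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed requests: one genuine login, one forged from another site.
    session = "sess-1234"
    genuine = {"Origin": "https://discordapp.com", "X-CSRF-Token": issue_csrf_token(session)}
    forged = {"Origin": "https://attacker.example"}  # a cross-site form post
    print(login_request_allowed(genuine, {"pre_auth_session": session}))
    print(login_request_allowed(forged, {"pre_auth_session": session}))
```

A rejected request should be logged with the reason and the presented Origin; a burst of "origin not allowed" rejections on the login endpoint is the signal a defender would want to see for the kind of campaign the post describes.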