Bug #685: only provide CSRF token if it exists

This was suggested by Nathan Yergler in the bug logs.
Just implementing it.

- Let render_csrf_form_token return None, if the CSRF_TOKEN
  is not available in the environ, because the
  process_request part of the meddleware has not yet run.

- In render_template: If the returned value from above is
  None, then do not add the csrf_token to the templates
  context.

mediagoblin/meddleware/csrf.py

@@ -50,6 +50,9 @@ def render_csrf_form_token(request):
     """Render the CSRF token in a format suitable for inclusion in a
     form."""
 
+    if 'CSRF_TOKEN' not in request.environ:
+        return None
+
     form = CsrfForm(csrf_token=request.environ['CSRF_TOKEN'])
 
     return form.csrf_token