treewide: rework rollback/apply workflow

treewide: rework rollback/apply workflow

Rework the apply confirmation mechanism to be session agnostic in order to
circumvent cross domain restrictions which prevent the JS code from issuing
apply confirm requests in some cases, e.g. when changing the LAN IP.

Confirmation calls may now be done from unauthenticated pages, as long as a
matching confirmation token is sent along with the request.

The reasoning behind this is that there is little security impact in
confirming pending apply sessions, especially since those sessions can only
be initiated while being authenticated.

After this change, LuCI will now launch a confirmation process on every
rendered page when a rollback is pending. The confirmation will happen
regardless of whether the user is logged in or not, or if the current page
is a CBI form or static template.

A confirmation request now also requires a random one-time token which is
rendered along with the confirmation JavaScript code in order to succeed.

This token is not meant to provide security but to ensure that the confirm
was triggered from an interactive browser session and not some background
HTTP requests that happened to end up in the admin ui.

As a consequence, the different apply/confirm/rollback code paths in CBI
maps and the UCI change/revert pages have been consolidated into one common
implementation residing in the common global theme agnostic footer template.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>