client/web: add csrf protection to web client api

Adds csrf protection and hooks up an initial POST request from
the React web client.

Updates tailscale/corp#13775

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>

client/web/src/components/app.tsx

@@ -3,7 +3,9 @@ import { Footer, Header, IP, State } from "src/components/legacy"
 import useNodeData from "src/hooks/node-data"
 
 export default function App() {
-  const data = useNodeData()
+  // TODO(sonia): use isPosting value from useNodeData
+  // to fill loading states.
+  const { data, updateNode } = useNodeData()
 
   return (
     <div className="py-14">
@@ -15,7 +17,7 @@ export default function App() {
           <main className="container max-w-lg mx-auto mb-8 py-6 px-8 bg-white rounded-md shadow-2xl">
             <Header data={data} />
             <IP data={data} />
-            <State data={data} />
+            <State data={data} updateNode={updateNode} />
           </main>
           <Footer data={data} />
         </>