Bug 36838: Add CSRF token to tags review AJAX requests

Bug 36838: Add CSRF token to tags review AJAX requests

The JavaScript for approving or rejecting tags in the staff interface's
tag review interface lacked a CSRF token for the POSTed requests. This
patch adds the token for "approve" and "reject" operations.

To test, apply the patch and clear your browser cache if necessary.

- If necessary, enable tags in system preferences.
- Log in to the OPAC and submit multiple tags on various records.
- In the staff interface, go to Tools -> Tags.
- Test the process of approving and rejecting tags by clicking the
  buttons in each row of the table of tags.
- The browser console should show no errors, and the lists of approved
  and rejected tags should correctly show the tags you moderated.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>