bx509d: Add /get-tgts batch end-point
In order to support batch jobs systems that run many users' jobs and
which jobs need credentials, we add a /get-tgts end-point that is a
batched version of the /get-tgt end-point. This end-point returns JSON.
Also, we make GETs optional, default to not-allowed in preference of
POSTs.
We also correct handling of POST (before POSTs with non-zero-length bodies
would cause the server to close the connection), and add additional CSRF
protection features, including the ability to disable all GET requests
for /get-keys and /get-config.