Set logUnauthorized: false in crumb plugin configuration

[davidjamesstone]

https://eaflood.atlassian.net/browse/DF-1075

#974 introduced forwardLogs to make sure internal/plugin logging using standard hapi request.log & server.log were forwarded to pino/opensearch.

This allowed us to confirm the 403's are being issued by crumb when there's a CSRF token mismatch.
Now we know this is the correct behaviour, we can turn off crumb logUnauthorized so we don't log twice. We'll still get the 403 logged once via errorPages.ts

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[davidjamesstone]

I did that PR prior to us finding out about:

• the 403's that are issued when ?force
• the 403's that CDP/WAF were issuing prior to this morning's fix

I'm going to keep the crumb logs in for now, with the expectation that they should tail off.

[alexluckett]

I did that PR prior to us finding out about:

* the 403's that are issued when ?force

* the 403's that CDP/WAF were issuing prior to this morning's fix

I'm going to keep the crumb logs in for now, with the expectation that they should tail off.

ah gotcha, i forgot. looks like your new version of engine is pulled into this repo, so I assume we can close this PR now @davidjamesstone ?

[davidjamesstone]

I did that PR prior to us finding out about:

* the 403's that are issued when ?force

* the 403's that CDP/WAF were issuing prior to this morning's fix

I'm going to keep the crumb logs in for now, with the expectation that they should tail off.

ah gotcha, i forgot. looks like your new version of engine is pulled into this repo, so I assume we can close this PR now @davidjamesstone ?

Closed. We can re-open if/when we're happy they've tailed off. 👍