[FIX] skip CSRF checks for Tiki server-side initiated remote calls to Tiki ajax services
Remote tracker synchronization fails creating new items as CSRF checks fail - origins are different and no CSRF ticket is submitted. We don't really need a CSRF check for a server-to-server call. This fix adds a "X-Requested-With: Tiki" header to all Tiki server-to-server initiated calls and skips CSRF checks if such a header exist. This header cannot be spoofed on the client side or in a CSRF scheme through a browser form.