Disable access to critical CGIs via untrusted referrers.
This prevents users from being tricked by malicious websites
into making unintentional configuration changes:
- Added flag to each cgi_dispatcher that allows or denies
external linking
- Introduced proviorical function that greps for the
referrer header before regular header parsing happens
- Added safety check to dispatch_known_cgi. CGI is called
if (cgi harmless || no referrer || we are referrer).
Else a) toggle calls are modified not to change status and
b) all other calls are denied.