create separate API methods for tokens (short-lived) and personal access tokens (long-lived), include global antiforgery filter to mitigate XSRF when using cookie auth (ignored when using Jwt)

Oqtane.Client/Services/Interfaces/IUserService.cs

@@ -109,5 +109,11 @@ namespace Oqtane.Services
         /// </summary>
         /// <returns></returns>
         Task<string> GetTokenAsync();
+
+        /// <summary>
+        /// Get personal access token for current user (administrators only)
+        /// </summary>
+        /// <returns></returns>
+        Task<string> GetPersonalAccessTokenAsync();
     }
 }