Resolve more CSRF issues

[damianhxy]

This PR serves to change GET requests to POST requests where appropriate to preempt future CSRF attacks.

Description

Changed the following routes to POST

• unsudo (Priority: Medium)
• reload (course / assessment config) (Priority: Low)
• release all grades (Priority: Critical)
• invalidate (Priority: Low)
• github_revoke (Priority: Medium)

Motivation and Context

Using GET incorrectly opens Autolab up to CSRF attacks. Changing the appropriate routes to POST protects us against these attacks.

How Has This Been Tested?

For each of the following, tested that GET no longer works, POST works as expected, fudging token causes an error

• Unsudo [Sudo to an arbitrary user via Manage Course - Act as user. Check unsudo button both in normal layout, and mobile layout]
• Reload course config [Manage course - reload course config file]
• Reload assessment config [Go to an assignment - reload config file (under Admin Options and CA options)]
• Release all grades [Manage course - release all grades]
• Invalidate [Gradebook - refresh button]
• github_revoke (set up github integration where url is http://localhost; connect account. Check revoke button in user profile page]

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• I have run rubocop for style check. If you haven't, run overcommit --install && overcommit --sign to use pre-commit hook for linting
• My change requires a change to the documentation, which is located at Autolab Docs
• I have updated the documentation accordingly, included in this PR

[20wildmanj]

• Checked that all methods still work as intended (Disregarding issue with Tango functioning properly which is addressed in #1524)
• GET requests all return routing errors
• POST from cross-site causes authentication error

Added two minor comments but otherwise LGTM

[20wildmanj]

Unrelated to this particular PR but I feel like when in "Act as User" there isn't enough of a visual indication that you are a student since it's just a small part of the top bar / Reset User should be something more like "Return to Instructor View":

Also the language for the notification when you return to instructor view is a bit weird:

Very small things but wanted to document.

[20wildmanj]

Looks good now, functionality still works, GET fails + cross-site POST fails as well, so CSRF protection is working. Thanks for the changes as well to sudo, makes it easier to understand! Ready to merge.