Fixed csrf test that assumed an access token allows application access, which is actually api token.
Improved return type hinting in the StartSession middleware
This is useful to send HTTP requests (or their PSR-7 equivalents)
through the entire application's middleware stack (instead of
talking to specific controllers, which should be considered
implementation detail).
This testing package was initially a part of flarum/core, but was
extracted during the 0.1.0-beta.16 release cycle. The extraction was
made through git's filter-branch tool to preserve some useful history in
the repository.