CSRF directory needs to be writeable for creating the csrf-secret.php file

[thurban]

Describe the bug

During the installation the installer tells you to make the CSRF path read-only after the installation finished. It does not tell where it is or provide an example for how to set the write permissions.
The installation completes regardless of the setting but it causes a lot of permission error logging in the cacti log.

Also the csrf-secret.php file can be access directly, exposing the secret to the web. It should be hidden and not returning the plain secret.

To Reproduce

Install a fresh Cacti

Expected behavior

Either show example commands or move the csfr-secret.php somewhere where it can be written/created.

Screenshots

Desktop (please complete the following information)

• OS: [e.g. iOS]

• Browser [e.g. chrome, safari]

• Version [e.g. 22]

Smartphone (please complete the following information)

• Device: [e.g. iPhone6]

• OS: [e.g. iOS8.1]

• Browser [e.g. stock browser, safari]

• Version [e.g. 22]

Additional context

Add any other context about the problem here.

[TheWitness]

@netniV, assigned this to you. I think at least in the example we should show the vendor directory, without much explanation as a directory that only requires write for install. This is a one line change. We can do something glorious (aka different) in 1.3.

[TheWitness]

Changing the assignment here since we have a little more time before release.