
Remove redundant app.UseAntiforgery() from Blazor Web templates #67119

Open: DeagleGross wants to merge 1 commit into dotnet:main from DeagleGross:deaglegross/remove-useantiforgery-from-templates

DeagleGross (Member) commented Jun 10, 2026

Removes the explicit app.UseAntiforgery(); call from the two Program.cs variants of the BlazorWeb-CSharp template. The call is now redundant in Blazor apps because:

  1. CsrfProtectionMiddleware (auto-injected by WebApplication.CreateBuilder since "Implement Cross-Site Request Forgery Algorithm based on Fetch Metadata headers" #66585) blocks cross-site state-changing requests via Sec-Fetch-Site / Origin headers — covering the protection that UseAntiforgery() was previously providing for Blazor form posts in the template.
  2. The Razor Components endpoint invoker no longer self-validates token-based antiforgery when the new CSRF middleware ran — companion change in "[breaking] Razor Components: defer to upstream antiforgery / CSRF middleware" #67082. The token-generation side is also gated on the legacy AF middleware actually running, so omitting UseAntiforgery() is internally consistent.

Files changed

| File | Variant |
| --- | --- |
| src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWebCSharp.1/Program.cs | Top-level statements |
| src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWebCSharp.1/Program.Main.cs | Main-style |

Each file: 2 deletions (the app.UseAntiforgery(); line plus the now-orphan blank line below it).

Scope notes

A full-tree grep "UseAntiforgery" confirmed these are the only templates that call the method. No MVC, Razor Pages, Web API, or other Web templates touch antiforgery. Test assets and framework source intentionally left alone.

grep "Antiforgery" src/ProjectTemplates/test/ returns zero matches — no snapshot/baseline test needs updating.

Dependency

⚠️ Depends on #67082 (the Razor Components endpoint invoker noop work that makes this safe). Should merge after that PR. Without #67082, generated Blazor apps would throw on first request because EndpointMiddleware still requires the legacy AF middleware to have run.

Verification

  • dotnet build src/ProjectTemplates/Web.ProjectTemplates/Microsoft.DotNet.Web.ProjectTemplates.csproj → 0 errors / 0 warnings.
  • Re-grep across src/ProjectTemplates confirms no UseAntiforgery references remain in template content.

Closes #67084
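
Added example, not part of the PR or of the ASP.NET Core source: a sketch of the general Fetch Metadata decision that a Sec-Fetch-Site / Origin based CSRF filter makes, as outlined in the description above. The names FetchMetadataCsrf and IsAllowed are hypothetical, the rules are the commonly documented algorithm rather than CsrfProtectionMiddleware's actual logic, and the code assumes a project that references Microsoft.AspNetCore.App.

```csharp
// Added illustration of a generic Fetch Metadata CSRF check. This is NOT the
// code of CsrfProtectionMiddleware; FetchMetadataCsrf/IsAllowed are hypothetical names.
using System;
using Microsoft.AspNetCore.Http;

public static class FetchMetadataCsrf
{
    public static bool IsAllowed(HttpRequest request)
    {
        // Safe methods must not change state, so they are not CSRF targets.
        if (HttpMethods.IsGet(request.Method) || HttpMethods.IsHead(request.Method) ||
            HttpMethods.IsOptions(request.Method))
            return true;

        // Sec-Fetch-Site is set by the browser; page script cannot override it.
        string? site = request.Headers["Sec-Fetch-Site"];
        if (!string.IsNullOrEmpty(site))
            // "same-origin": sent by this origin. "none": user-initiated navigation.
            // "same-site" and "cross-site" are rejected.
            return site is "same-origin" or "none";

        // Browsers without Fetch Metadata: fall back to Origin versus Host.
        string? origin = request.Headers["Origin"];
        if (string.IsNullOrEmpty(origin))
            // Assumption: neither header means a non-browser client (no ambient cookies).
            return true;

        // An opaque "null" origin fails to parse as an absolute URI and is rejected.
        return Uri.TryCreate(origin, UriKind.Absolute, out Uri? originUri)
            && string.Equals(originUri.Authority, request.Host.Value,
                             StringComparison.OrdinalIgnoreCase);
    }

    // Constructed sample requests (POST to host app.example), for illustration only.
    public static void Main()
    {
        foreach (var (site, origin) in new[] { ("cross-site", ""), ("same-origin", ""),
                 ("", "https://evil.example"), ("", "https://app.example") })
        {
            var ctx = new DefaultHttpContext();
            ctx.Request.Method = "POST";
            ctx.Request.Host = new HostString("app.example");
            if (site != "") ctx.Request.Headers["Sec-Fetch-Site"] = site;
            if (origin != "") ctx.Request.Headers["Origin"] = origin;
            Console.WriteLine($"site='{site}' origin='{origin}' allowed={IsAllowed(ctx.Request)}");
        }
    }
}
```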

Both Program.cs (top-level) and Program.Main.cs variants of the BlazorWeb-CSharp template no longer need the explicit call: CsrfProtectionMiddleware (auto-injected by WebApplication) handles cross-site request protection via Sec-Fetch-Site/Origin, and the Razor Components endpoint invoker no longer self-validates token-based antiforgery when the new CSRF middleware ran.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 10, 2026 10:48
github-actions Bot added the area-mvc label (Includes: MVC, Actions and Controllers, Localization, CORS, most templates) Jun 10, 2026

Copilot AI (Contributor) left a comment

Pull request overview

This PR removes the explicit app.UseAntiforgery(); call from the Blazor Web C# template’s two Program.cs variants, intending to rely on the newer CSRF middleware behavior instead of the legacy antiforgery middleware.

Changes:

  • Removed app.UseAntiforgery(); from the top-level statements template Program.cs.
  • Removed app.UseAntiforgery(); from the Main-style template Program.Main.cs.

| File | Description |
| --- | --- |
| src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWebCSharp.1/Program.cs | Removes UseAntiforgery() from the template pipeline. |
| src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWebCSharp.1/Program.Main.cs | Removes UseAntiforgery() from the template pipeline (Main-style). |

Copilot's findings

  • Files reviewed: 2/2 changed files
  • Comments generated: 2

Development

Successfully merging this pull request may close these issues.

Rework Antiforgery usage in aspnetcore template
