minor #8003 adding note that CSRF protection has to be enabled in config (JensPliester, javiereguiluz)

This PR was submitted for the 2.8 branch but it was merged into the 2.7 branch instead (closes #8003).

Discussion
----------

adding note that CSRF protection has to be enabled in config

This issue should be mentioned in the guide.
If CSRF Protection is disabled, Symfony won't find the CSRF-Token manager, implicating a missing package.
But all was needed was setting csrf_protection to true in config.yml.

Commits
-------

17fdd2e Reworded the help note
b948747 adding note that CSRF protection has to be enabled in config

Author: xabbuh

security/csrf_in_login_form.rst

@@ -16,9 +16,18 @@ for CSRF. In this article you'll learn how you can use it in your login form.
 Configuring CSRF Protection
 ---------------------------
 
-First, configure the Security component so it can use CSRF protection.
-The Security component needs a CSRF token provider. You can set this to use the default
-provider available in the Security component:
+First, make sure that the CSRF protection is enabled in the main cofiguration
+file:
+
+.. code-block:: yaml
+
+    # app/config/config.yml
+    framework:
+        # ...
+        csrf_protection: ~
+
+Then, the security component needs a CSRF token provider. You can set this to
+use the default provider available in the security component:
 
 .. configuration-block::