Rack::Protection::AuthenticityToken.token(session) can now make sure that
an authenticity token is set in the session before returning a masked
version of the token. Any Rack app that shares the session can use this
method when building a form for an app that uses rack-protection.
Removes references to Rails compatibility as rack-protection 2.0
officially breaks that promise.