updates to externalURL are not reflected in CSRF middleware

Created by: slimsag

The following violate the constraint that conf users respond to configuration changes appropriately:

1. The session store cannot handle the URL changing from HTTP -> HTTPS or vice-versa:

https://sourcegraph.com/github.com/sourcegraph/sourcegraph@ac24a24cf91b9fe29b69cf14619787b833f5cd3a/-/blob/cmd/frontend/internal/app/app.go#L25:18

2. The CSRF middleware also has the same issue:

https://sourcegraph.com/github.com/sourcegraph/sourcegraph@ac24a24cf91b9fe29b69cf14619787b833f5cd3a/-/blob/cmd/frontend/internal/cli/http.go#L48:18

In both cases, the site admin would just need to restart the frontend. This is a documented known bug, so it's not the end of the world: https://docs.sourcegraph.com/admin/config/critical_config#known-bugs