Send a kbn-version header instead of kbn-xsrf-token #5594

Closed
spalger opened this issue Dec 8, 2015 · 0 comments

spalger commented Dec 8, 2015

The current implementation of the XSRF token causes the front-end to require a refresh any time the backend restarts. This can be avoided by setting the XSRF token explicitly, but it has been identified as a common occurrence in the wild that users randomly end up with broken Kibanas. This issue is worsened by the lack of any unified error handling that tells the user they need to refresh the browser. Depending on what you are doing, an error is either shown at the top of the screen or shown modally as a fatal error.

For now we should simply change the mechanisms that send the kbn-xsrf-token header with each request to send the Kibana version instead. We should also implement #5574, which details how we should check this header to protect against XSRF.
#5573 talks about the new UI to inform users when there is a mismatch.
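
Added example, not part of the issue and not Kibana code: a small model of the header check showing why a per-start token breaks open tabs after a restart while a version header does not, and why a cross-site form is still rejected (browsers do not let HTML forms attach custom headers). Only the two header names come from the issue; the function names, token values, version strings and the exact-match rule are assumptions.

```javascript
// Added illustration, not Kibana source. Only the two header names come from
// the issue; function names, token values and version strings are constructed.

// Builds a backend instance that rejects any request whose custom header is
// missing or differs from `expected` (the exact-match rule is an assumption).
function startBackend(headerName, expected) {
  return {
    // Value the front-end receives at page load and replays on each request.
    bootstrap: () => ({ [headerName]: expected }),
    check(headers) {
      const got = headers[headerName];
      if (got === undefined) return { ok: false, reason: 'missing ' + headerName };
      if (got !== expected) return { ok: false, reason: headerName + ' mismatch' };
      return { ok: true, reason: 'accepted' };
    },
  };
}

// An open browser tab keeps the header it got from the first instance, then
// talks to whichever instance replaces it after a restart.
function replayAfterRestart(before, after) {
  const tabHeaders = before.bootstrap();
  return after.check(tabHeaders);
}

// Old scheme: the token differs between runs unless it is set explicitly.
const tokenRestart = replayAfterRestart(
  startBackend('kbn-xsrf-token', 'constructed-token-run-1'),
  startBackend('kbn-xsrf-token', 'constructed-token-run-2'));

// Proposed scheme: the version is the same before and after a plain restart.
const versionRestart = replayAfterRestart(
  startBackend('kbn-version', '0.0.0-example'),
  startBackend('kbn-version', '0.0.0-example'));

// Upgrade: the tab really is stale, so a mismatch is the wanted outcome.
const versionUpgrade = replayAfterRestart(
  startBackend('kbn-version', '0.0.0-example'),
  startBackend('kbn-version', '0.0.1-example'));

// A cross-site HTML form cannot attach custom headers, so it arrives bare.
const crossSiteForm = startBackend('kbn-version', '0.0.0-example').check({});

console.log({ tokenRestart, versionRestart, versionUpgrade, crossSiteForm });
```

The version string is not a secret; the check works because the request must carry a custom header at all, and the mismatch case is the one the UI in #5573 is meant to surface.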
