Set longer CSRF token duration (one week)

[mistercrunch]

Default is one hour (3600), also this entry makes the setting a bit more
discoverable
http://flask-wtf.readthedocs.io/en/stable/config.html?highlight=csrf

closes #4739

[codecov-io]

Codecov Report

Merging #4741 into master will increase coverage by <.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #4741      +/-   ##
==========================================
+ Coverage   72.25%   72.25%   +<.01%     
==========================================
  Files         205      205              
  Lines       15349    15350       +1     
  Branches     1182     1182              
==========================================
+ Hits        11090    11091       +1     
  Misses       4256     4256              
  Partials        3        3

Impacted Files	Coverage Δ
superset/config.py	92.3% <100%> (+0.05%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 969ff0c...543d201. Read the comment docs.

[betodealmeida]

This looks good, but we should have a better way of surfacing that the token expired. Ideally we'd redirect the user to the login page if the token expired, instead of just showing up an error message saying Unexpected error in the UI.

Right now when I see the Unexpected error message in the UI I know it's an expired token, because it happens frequently. I'm worried that a year from now we'll see the message and spend hours troubleshooting until we remember that it's caused by an expired token.

[mistercrunch]

I think SQL Lab surfaces the error properly and the explore view does give Unexpected error. Let me open an issue. Here: #4762