MantisBT: master-1.2.x a45d0ef5

Author Committer Branch Timestamp Parent
dhx master-1.2.x 2009-07-06 10:12 master-1.2.x 948f0b89
Changeset

Add CSRF protection to print_button function

As an additional note for this patch, we should ideally be sending
parameters to this function via $p_args_to_post where those parameters
are being used to change the state of Mantis. At the moment a form
security token is created for every call of print_button whereas we
really only need to do it when !empty($p_args_to_post). This requires a
bit of extra work outside the scope of this patch, and almost all uses of
print_button are to modify Mantis in some way, hence this partial fix.

mod - manage_proj_edit_page.php
mod - manage_proj_page.php
mod - core/print_api.php
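
The commit message above notes that a form security token is only needed when parameters are posted to change state. The following is an added example, not code from this changeset or from MantisBT: a button helper that issues a per-form token only in that case and validates it once on submission. All function names, page names and the `$_SESSION` layout are hypothetical.

```php
<?php
// Added illustration; helper names are hypothetical, not MantisBT's API.
// $_SESSION is used as a plain array so the script runs from the CLI.
$_SESSION = [];

// Create a random token for one named form and remember it server-side.
function example_token_issue(string $form): string {
    $token = bin2hex(random_bytes(16));
    $_SESSION['csrf'][$form][] = $token;
    return $token;
}

// Accept a submitted token once; unknown or reused tokens are rejected.
function example_token_validate(string $form, string $submitted): bool {
    foreach ($_SESSION['csrf'][$form] ?? [] as $i => $known) {
        if (hash_equals($known, $submitted)) {   // constant-time comparison
            unset($_SESSION['csrf'][$form][$i]); // single use
            return true;
        }
    }
    return false;
}

// Render a button form. A token is issued only when parameters are posted,
// i.e. when the request can change state (the !empty($p_args_to_post) case).
function example_button(string $action, string $label, array $args = []): string {
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $html = '<form method="post" action="' . $h($action) . '">';
    if (!empty($args)) {
        $html .= '<input type="hidden" name="token" value="'
               . example_token_issue($action) . '" />';
        foreach ($args as $name => $value) {
            $html .= '<input type="hidden" name="' . $h((string) $name)
                   . '" value="' . $h((string) $value) . '" />';
        }
    }
    return $html . '<input type="submit" value="' . $h($label) . '" /></form>';
}

// Constructed sample calls.
echo example_button('example_view_page.php', 'View'), "\n";  // no args posted
$form = example_button('example_delete.php', 'Delete', ['id' => 7]);
echo $form, "\n";                                            // args posted
preg_match('/name="token" value="([0-9a-f]+)"/', $form, $m);
var_dump(example_token_validate('example_delete.php', $m[1]));    // first use
var_dump(example_token_validate('example_delete.php', $m[1]));    // replay of the same token
var_dump(example_token_validate('example_delete.php', 'forged')); // token never issued
```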