MantisBT: master-2.28 b6faebd5

Author: dombn
Committer: dregad
Branch: master-2.28
Timestamp: 2026-05-14 08:20
Parent: master-2.28 399605af
Affected Issues: 0037130: login_password_page.php: CSRF validation fails when called via auth_reauthenticate() (since 2.28.2)
Changeset

Fix CSRF validation failure in reauthenticate flow

auth_reauthenticate() redirects to login_password_page.php via GET,
bypassing login_page.php which normally generates the CSRF token.
The form_security_validate() call therefore always fails with
ERROR #2800, making re-authentication impossible.

Fix: read $f_reauthenticate before the CSRF check and skip validation
for that path. The token rendered in the form still protects the
subsequent password submission via login.php.

Fixes 0037130, PR https://github.com/mantisbt/mantisbt/pull/2220

mod - login_password_page.php
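The token flow described in the commit message, as an added example that is not MantisBT code and not part of this changeset: a simplified model in which the password page only renders a form and the submission step always validates. The function names, the `login_token` and `reauthenticate` parameter names, and the array standing in for the session are assumptions made for illustration.

```php
<?php
// Simplified model of the flow in the commit message; NOT MantisBT code.
// issue_token(), validate_token(), password_page() and submit_password() are
// hypothetical stand-ins; $session is a plain array standing in for the session.

function issue_token(array &$session, string $form): string {
    $token = bin2hex(random_bytes(16));
    $session['tokens'][$form][] = $token;
    return $token;
}

function validate_token(array &$session, string $form, ?string $token): bool {
    foreach ($session['tokens'][$form] ?? [] as $i => $candidate) {
        if ($token !== null && hash_equals($candidate, $token)) {
            unset($session['tokens'][$form][$i]); // tokens are single use
            return true;
        }
    }
    return false;
}

// Password page: renders a form and changes no state. Returns the token
// embedded in the rendered form, or null when the request is rejected.
function password_page(array &$session, array $get, bool $skip_for_reauth): ?string {
    $reauth = !empty($get['reauthenticate']); // read before the CSRF check
    $skip = $skip_for_reauth && $reauth;
    if (!$skip && !validate_token($session, 'login', $get['login_token'] ?? null)) {
        return null; // the failure mode the commit message describes
    }
    return issue_token($session, 'login'); // protects the submission step
}

// Submission endpoint: the state-changing step, validated on every path.
function submit_password(array &$session, array $post): bool {
    return validate_token($session, 'login', $post['login_token'] ?? null);
}

$session = [];
// Old behaviour: the reauthenticate redirect arrives by GET without a token.
var_dump(password_page($session, ['reauthenticate' => 1], false));
// Fixed behaviour: validation is skipped and the form carries a fresh token.
$form_token = password_page($session, ['reauthenticate' => 1], true);
// Submitting with the form's token, then with a token the server never issued.
var_dump(submit_password($session, ['login_token' => $form_token]));
var_dump(submit_password($session, ['login_token' => 'forged']));
// Normal path: no reauthenticate flag and no token.
var_dump(password_page($session, [], true));
```

In this model the skip is reachable by any request that sets the flag, so it is sound only while the password page does nothing except render the form and the submission step keeps its own check.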