switch to runFormPostNoToken to work around strange yesod bug

I am not happy about disabling yesod's XSRF tokens, but the webapp has two
guards of its own that should suffice: Listening only to localhost
(normally) and requiring its own auth token on every single request
(always).

Assistant/WebApp/Configurators/Preferences.hs

@@ -90,7 +90,7 @@ postPreferencesR :: Handler Html
 postPreferencesR = page "Preferences" (Just Configuration) $ do
 	((result, form), enctype) <- liftH $ do
 		current <- liftAnnex getPrefs
-		runFormPost $ renderBootstrap $ prefsAForm current
+		runFormPostNoToken $ renderBootstrap $ prefsAForm current
 	case result of
 		FormSuccess new -> liftH $ do
 			liftAnnex $ storePrefs new