Fix the way we handle the application context

The init script was pushing an application context, which maked
flask.g global and persisted across requests. This was evaluated
to have a minimal security impact.

This explains/fixes #738: flask_wtf caches the csrf token in the
application context to have a single token per request, and only
sets the session attribute after the first generation.

core/admin/mailu/__init__.py

@@ -8,7 +8,6 @@ def create_app_from_config(config):
     """ Create a new application based on the given configuration
     """
     app = flask.Flask(__name__)
-    app.app_context().push()
     app.cli.add_command(manage.mailu)
 
     # Bootstrap is used for basic JS and CSS loading

core/admin/mailu/internal/views/auth.py

@@ -9,7 +9,7 @@ import base64
 
 @internal.route("/auth/email")
 @utils.limiter.limit(
-    app.config["AUTH_RATELIMIT"],
+    lambda: app.config["AUTH_RATELIMIT"],
     lambda: flask.request.headers["Client-Ip"]
 )
 def nginx_authentication():