Gitlab::RequestForgeryProtection::Controller#index is not actually
user-reachable; we use it as a way of testing whether a request contains
a valid CSRF token.

However, because we put a request through this controller, it gets
logged. That means we get confusing log entries for this controller and
API paths, which are duplicated - they have the same request ID as the
'actual' request.