Detects Express "csrf" middleware setup before "method-override" middleware (`security/detect-no-csrf-before-method-override`)

⚠️ This rule warns in the ✅ recommended config.

This can allow GET requests (which are not checked by csrf) to turn into POST requests later.