Add error and troubleshooting headers. Clarified the suggestion to a

recomendation on @csrf fields.

Author: rouilj

doc/upgrading.txt

@@ -131,9 +131,12 @@ field/header is missing it allows access. Setting these
 fields to ``required`` blocks access if the header/nonce is
 missing.
 
-It is suggested that you change your templates so every form
-has an @csrf field and change the setting to 'required' for
-the csrf_enforce_token.
+It is recommended that you change your templates so every form
+that is not submitted via GET has an @csrf field. Then change
+the csrf_enforce_token setting to 'required'.
+
+Errors and Troubleshooting
+~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 If you see the @csrf nonce in the URL, you have added the value to a
 form that uses the GET method. You should remove the @csrf token from
@@ -303,6 +306,9 @@ or with::
 the important part is that the action field **must not** include any query
 parameters ('#' includes query params).
 
+Errors and Troubleshooting
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
 One symptom of failing to do this is getting an error:
 
    Unrecognized scheme in ....
@@ -513,6 +519,9 @@ permissions to your schema.py::
     description="User is allowed to Search queries for creator")
   db.security.addPermissionToRole('User', s)
 
+Errors and Troubleshooting
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
 If you do not do this, public queries will be listed twice in the edit
 interface. Once in the "Queries I created" section and again in the
 "Queries others created" section of the query edit page