feat: move CSRF to A3 (#1776)

CSRF is part of security misconfiguration in the OWASP Top 10.

src/main/java/org/owasp/webgoat/container/lessons/Category.java

@@ -34,30 +34,28 @@ import lombok.Getter;
  * @since October 28, 2003
  */
 public enum Category {
-  INTRODUCTION("Introduction", 5),
-  GENERAL("General", 100),
+  INTRODUCTION("Introduction"),
+  GENERAL("General"),
 
-  A1("(A1) Broken Access Control", 301),
-  A2("(A2) Cryptographic Failures", 302),
-  A3("(A3) Injection", 303),
+  A1("(A1) Broken Access Control"),
+  A2("(A2) Cryptographic Failures"),
+  A3("(A3) Injection"),
 
-  A5("(A5) Security Misconfiguration", 305),
-  A6("(A6) Vuln & Outdated Components", 306),
-  A7("(A7) Identity & Auth Failure", 307),
-  A8("(A8) Software & Data Integrity", 308),
-  A9("(A9) Security Logging Failures", 309),
-  A10("(A10) Server-side Request Forgery", 310),
+  A5("(A5) Security Misconfiguration"),
+  A6("(A6) Vuln & Outdated Components"),
+  A7("(A7) Identity & Auth Failure"),
+  A8("(A8) Software & Data Integrity"),
+  A9("(A9) Security Logging Failures"),
+  A10("(A10) Server-side Request Forgery"),
 
-  CLIENT_SIDE("Client side", 1700),
+  CLIENT_SIDE("Client side"),
 
-  CHALLENGE("Challenges", 3000);
+  CHALLENGE("Challenges");
 
   @Getter private String name;
-  @Getter private Integer ranking;
 
-  Category(String name, Integer ranking) {
+  Category(String name) {
     this.name = name;
-    this.ranking = ranking;
   }
 
   @Override

src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java

@@ -31,7 +31,7 @@ import org.springframework.stereotype.Component;
 public class CSRF extends Lesson {
   @Override
   public Category getDefaultCategory() {
-    return Category.A10;
+    return Category.A5;
   }
 
   @Override