fix: use current_app instead of 'app' for callbacks. (#176)

Not sure this really mattered - but makes things uniform.
For @before_first_request callbacks - use current_app rather than app.

flask_security/core.py

@@ -854,7 +854,7 @@ def _register_i18n():
             # N.B. as of jinja 2.9 '_' is always registered
             # http://jinja.pocoo.org/docs/2.10/extensions/#i18n-extension
             if "_" not in app.jinja_env.globals:
-                app.jinja_env.globals["_"] = state.i18n_domain.gettext
+                current_app.jinja_env.globals["_"] = state.i18n_domain.gettext
 
         @app.before_first_request
         def _csrf_init():
@@ -905,9 +905,9 @@ def _csrf_init():
             if csrf:
                 csrf.exempt("flask_security.views.logout")
             if csrf_cookie and csrf_cookie["key"]:
-                app.after_request(csrf_cookie_handler)
+                current_app.after_request(csrf_cookie_handler)
                 # Add configured header to WTF_CSRF_HEADERS
-                app.config["WTF_CSRF_HEADERS"].append(cv("CSRF_HEADER"))
+                current_app.config["WTF_CSRF_HEADERS"].append(cv("CSRF_HEADER"))
 
         app.extensions["security"] = state