update upgrade files with CSRF related option info

UPGRADE-2.8.md

@@ -18,6 +18,12 @@ All components
 Form
 ----
 
+ * The `intention` option was deprecated and will be removed in 3.0 in favor
+   of the new `csrf_token_id` option.
+
+ * The `csrf_provider` option was deprecated and will be removed in 3.0 in favor
+   of the new `csrf_token_generator` option.
+
  * The "cascade_validation" option was deprecated. Use the "constraints"
    option together with the `Valid` constraint instead. Contrary to
    "cascade_validation", "constraints" must be set on the respective child forms,
@@ -522,12 +528,18 @@ Security
  * The `intention` option is deprecated for all the authentication listeners,
    and will be removed in 3.0. Use the `csrf_token_id` option instead.
 
+ * The `csrf_provider` option is deprecated for all the authentication listeners,
+   and will be removed in 3.0. Use the `csrf_token_generator` option instead.
+
 SecurityBundle
 --------------
 
  * The `intention` firewall listener setting is deprecated, and will be removed in 3.0.
    Use the `csrf_token_id` option instead.
 
+ * The `csrf_provider` firewall listener setting is deprecated, and will be removed in 3.0.
+   Use the `csrf_token_generator` option instead.
+
 Config
 ------
 

UPGRADE-3.0.md

@@ -774,6 +774,16 @@ UPGRADE FROM 2.x to 3.0
    }
    ```
 
+ * The `intention` option was renamed to `csrf_token_id` for all the authentication listeners.
+
+ * The `csrf_provider` option was renamed to `csrf_token_generator` for all the authentication listeners.
+
+### SecurityBundle
+
+ * The `intention` firewall listener setting was renamed to `csrf_token_id`.
+
+ * The `csrf_provider` firewall listener setting was renamed to `csrf_token_generator`.
+
 ### Translator
 
  * The `Translator::setFallbackLocale()` method has been removed in favor of