fix: Add CSRF token to blog title uniqueness check fetch requests

The title blur handler in both createBlog.js and adminglobal.js sends a
POST to /blog/check-title without the authenticityToken, causing 500
errors from CSRF protection. This injects the full HTML error page into
the DOM via innerHTML, breaking the page layout.

Added authenticityToken from the hidden form field to the FormData and
added response status checking to prevent DOM corruption on errors.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: bpamiri