Expose cookie options via Antiforgery options

[kichalla]

With the following commit, the path of the antiforgery's cookie token is set to always use the request's PathBase. Consider exposing the cookie's options via the AntiforgeryOptions to enable users to set it explicitly if they need to.

[rynowak]

We don't want to expose cookie options in general, just the ability to either set Path globally, or have a boolean to ignore PathBase.

[Eilon]

@rynowak so we want one or the other option? Or both?

[rynowak]

We made the breaking change to use PathBase we need to expose something to override that behavior in case you wanted something different.

Some other discussion was discussed about exposing other cookie options as options.

[Eilon]

Let's add a PathString? AntiforgeryOptions.CookiePath { get; set; } property.

If it's unset (i.e. null), the system will be smart and use the PathBase of the request. If it's set to anything else, the system will be smart and use what the user set.

[Eilon]

Please ensure the behavior is covered in the doc comment of the new property.