Validate cookie domain configuration

[asnare]

Basic validation of the cookie domain configuration can be done, but isn't currently. Specifically, the cookie domain for a browser-based source should either be not present or contain a period (.).

(Issue #121 described a situation where a confusing outcome could have been prevented if this rule was evaluated on startup.)

The only cookie domain that I can think of that wouldn't work here is localhost for testing, but that's an edge case and unnecessary because the default of no setting will do the right thing.