Empty attributes in Set-Cookie header

Local function `parse_set_cookie` in `http.lua` cannot parse `Set-Cookie` header if it contains empty attributes:
```
Set-Cookie: JSESSIONID=aaa; ; Path=/;;Secure;HttpOnly;;
```
 Such attributes are allowed per [RFC 6265 errata](https://www.rfc-editor.org/errata/eid3444).

_(Issue created strictly for record; a fix will be committed shortly.)_
