fix: proper SameSite=None in dev mode

[hperl]

Related issue(s)

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got the approval (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

[zepatrik]

This could be a possible explanation: 921f8c2
Do we automatically set the cookies to not secure when in dev mode? In that case we need to change that as well, so they are always secure. Then none should work.

[codecov]

Codecov Report

Merging #3502 (c242591) into master (cf20054) will increase coverage by 0.02%.
The diff coverage is 100.00%.

❗ Current head c242591 differs from pull request most recent head 40c6ab3. Consider uploading reports for the commit 40c6ab3 to get more accurate results

@@            Coverage Diff             @@
##           master    #3502      +/-   ##
==========================================
+ Coverage   76.87%   76.89%   +0.02%     
==========================================
  Files         124      124              
  Lines        9175     9102      -73     
==========================================
- Hits         7053     6999      -54     
+ Misses       1673     1660      -13     
+ Partials      449      443       -6     

Impacted Files	Coverage Δ
driver/config/provider.go	82.75% <100.00%> (+0.76%)	⬆️

... and 2 files with indirect coverage changes

[zepatrik]

As discussed, we cannot assume an instance in dev mode is not using TLS. It is also not possible to tell in the service itself because the TLS connection might be terminated in a side-car or on the ingress level.