Description
The ability to set the SameSite cookie attribute would be useful, especially with currently ongoing changes to browsers' handling of cookies without a SameSite policy set.
Modern browsers are currently rolling out changes setting the default for cookies to SameSite=Lax, which prevents cookies from being included in Cross-Origin requests. Without support for setting the SameSite attribute to None, it will be impossible to use cookies in CORS requests, which is especially problematic for Cross-Origin APIs that rely on storing data in the Plumber session cookie.
The proposed changes include adding a new optional parameter called sameSite to the sessionCookie() function and the Response class's setCookie() and removeCookie() methods. If this parameter is set to a character value, the attribute SameSite=<value> will be added to the generated cookie.
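A sketch of the cookie serialization this proposal implies, added here as an example and not taken from Plumber's code: `build_set_cookie()`, its arguments, and the cookie name and value are hypothetical. Beyond the proposal, it assumes a fixed set of allowed values and refuses `SameSite=None` without `Secure`, since browsers reject that combination.

```r
# Hypothetical helper (not Plumber's implementation): serialize a Set-Cookie
# header value with an optional SameSite attribute.
build_set_cookie <- function(name, value, path = "/", http_only = TRUE,
                             secure = FALSE, same_site = NULL) {
  # Cookie names must be RFC 6265 tokens; anything else could inject attributes.
  if (!grepl("^[A-Za-z0-9!#$%&'*+.^_`|~-]+$", name)) {
    stop("invalid cookie name")
  }
  # The path is emitted verbatim, so refuse separators and control characters.
  if (grepl("[;[:cntrl:]]", path)) {
    stop("invalid cookie path")
  }
  parts <- c(
    paste0(name, "=", utils::URLencode(as.character(value), reserved = TRUE)),
    paste0("Path=", path)
  )
  if (isTRUE(http_only)) parts <- c(parts, "HttpOnly")

  if (!is.null(same_site)) {
    if (!is.character(same_site) || length(same_site) != 1) {
      stop("same_site must be a single character value")
    }
    allowed <- c("Strict", "Lax", "None")
    idx <- match(tolower(same_site), tolower(allowed))
    if (is.na(idx)) stop("same_site must be one of Strict, Lax, None")
    same_site <- allowed[idx]  # normalize capitalization
    # Browsers discard SameSite=None cookies that are not also Secure.
    if (same_site == "None" && !isTRUE(secure)) {
      stop("SameSite=None requires secure = TRUE")
    }
    parts <- c(parts, paste0("SameSite=", same_site))
  }
  if (isTRUE(secure)) parts <- c(parts, "Secure")
  paste(parts, collapse = "; ")
}

# Constructed sample values: a cookie meant to be sent on cross-origin API calls.
cross_site <- build_set_cookie("session", "abc123", secure = TRUE, same_site = "none")
stopifnot(identical(cross_site,
                    "session=abc123; Path=/; HttpOnly; SameSite=None; Secure"))

# The same request without Secure fails at serialization time instead of
# producing a cookie the browser would silently drop.
rejected <- tryCatch(build_set_cookie("session", "abc123", same_site = "None"),
                     error = function(e) conditionMessage(e))
stopifnot(identical(rejected, "SameSite=None requires secure = TRUE"))
print(cross_site)
```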