supertokens-website
Do not store tokens in frontend cookies by default in header based auth
The issue with using the cookie store on the frontend in header-based auth is that those cookies are not secure. So during page loads, they can be sent over the network even with HTTP.
Therefore, I think we should use localStorage by default, and then only use cookie storage if the user has set frontendCookieDomain.
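
The difference the issue describes, as an added example that is not part of the original issue or of the supertokens-website code: a simplified RFC 6265 match shows which requests carry a non-Secure frontend cookie, next to the proposed default. The names cookieIsSent, chooseTokenStore and tokenExposure and the example.com URLs are assumptions; only frontendCookieDomain comes from the issue.

```javascript
// Added illustration; cookieIsSent, chooseTokenStore and tokenExposure are
// hypothetical names, not functions from supertokens-website.

// Simplified RFC 6265 check: would the browser attach this cookie to a request?
function cookieIsSent(cookie, requestUrl) {
  const url = new URL(requestUrl);
  const host = url.hostname.toLowerCase();
  // A cookie set without a Domain attribute is host-only.
  const domainOk = cookie.domain
    ? host === cookie.domain || host.endsWith("." + cookie.domain)
    : host === cookie.setByHost;
  // Only the Secure attribute keeps a cookie off plain-http requests.
  const schemeOk = !cookie.secure || url.protocol === "https:";
  return domainOk && schemeOk;
}

// Proposed default: localStorage; cookies only when frontendCookieDomain is set.
function chooseTokenStore(config) {
  const domain = (config.frontendCookieDomain || "")
    .replace(/^\./, "")
    .toLowerCase();
  return domain ? { kind: "cookie", domain } : { kind: "localStorage" };
}

// For each URL, report whether a token held in the chosen store travels with it.
function tokenExposure(config, setByHost, urls) {
  const store = chooseTokenStore(config);
  if (store.kind === "localStorage") {
    // The browser never attaches localStorage values to a request.
    return urls.map((url) => ({ url, sent: false }));
  }
  // Modelled as non-Secure, which is the case the issue describes.
  const cookie = { domain: store.domain, setByHost, secure: false };
  return urls.map((url) => ({ url, sent: cookieIsSent(cookie, url) }));
}

// Constructed sample URLs.
const URLS = [
  "http://app.example.com/",
  "https://app.example.com/",
  "https://api.example.com/",
];

console.log(tokenExposure({}, "app.example.com", URLS));
console.log(tokenExposure({ frontendCookieDomain: ".example.com" }, "app.example.com", URLS));
```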