Seaside
Add SameSite setting configuration for Cookie based tracking strategies
The SameSite option in the session cookie is hardcoded to be `Strict`, but this forbids (and actually breaks) the possibility of embedding a Seaside application into an `<iframe>` of a third party domain.
It should be possible to define the `SameSite` setting to be `none`, `lax` or `strict`, setting the corresponding `HTTP Only` and `Secure` attribute accordingly when set to `none`.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
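
The behaviour requested above, as an added Python sketch (not Seaside code and not from the project): a cookie builder with a configurable SameSite value that forces `Secure` and `HttpOnly` for `none`, plus a check for whether the cookie survives a cross-site `<iframe>`. The function names, the cookie name `sid` and the session value are hypothetical and constructed for the example.

```python
# Added illustration; not Seaside code. All names here are hypothetical.
VALID_SAMESITE = {"strict": "Strict", "lax": "Lax", "none": "None"}


def build_session_cookie(name, value, same_site="strict", secure=False,
                         http_only=True, path="/"):
    """Return a Set-Cookie header value with a configurable SameSite policy."""
    key = same_site.lower()
    if key not in VALID_SAMESITE:
        raise ValueError(f"unsupported SameSite value: {same_site!r}")
    if key == "none":
        # Browsers reject SameSite=None cookies that lack Secure, so force it.
        # HttpOnly is forced as well, following the issue's suggestion.
        secure = True
        http_only = True
    parts = [f"{name}={value}", f"Path={path}"]
    if secure:
        parts.append("Secure")
    if http_only:
        parts.append("HttpOnly")
    parts.append(f"SameSite={VALID_SAMESITE[key]}")
    return "; ".join(parts)


def sent_in_cross_site_iframe(set_cookie):
    """True if a browser would attach this cookie to requests made from
    inside an <iframe> embedded by a different site."""
    attrs = [a.strip().lower() for a in set_cookie.split(";")[1:]]
    # Assumption: a missing attribute is treated as Lax (Chromium default).
    same_site = next((a.split("=", 1)[1] for a in attrs
                      if a.startswith("samesite=")), "lax")
    # Strict and Lax cookies are withheld from cross-site subframe requests;
    # None is honoured only together with Secure.
    return same_site == "none" and "secure" in attrs


if __name__ == "__main__":
    for policy in ("strict", "lax", "none"):
        header = build_session_cookie("sid", "constructed-session-id", policy)
        print(f"{policy:6} -> {header} | "
              f"iframe: {sent_in_cross_site_iframe(header)}")
```
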