NAV needs to consider a SameSite policy for the session cookie
Is your feature request related to a problem? Please describe.
Future browser releases may decide to discard NAV's session cookie, due to it not having any explicit SameSite policy.
Describe the solution you'd like
- NAV should, at the very minimum, explicitly define a site policy for the session cookie.
- Nice to have would be for the policy to be configurable in webfront.conf as well, but with a sane default.
Additional context
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite for further details.
The SameSite policy can be configured through Django's settings.py, but this requires at least Django 2.1.
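
One way the configurable policy with a sane default could be derived for Django's settings.py, as an added example that is not NAV's own code. The `[sessions]` section, the `samesite` and `secure` option names, and the `session_cookie_settings` helper are hypothetical.

```python
import configparser

# Constructed sample of a webfront.conf. The [sessions] section and the
# "samesite" / "secure" option names are hypothetical, not NAV's actual ones.
SAMPLE_CONF = """
[sessions]
samesite = lax
"""

# Case-insensitive config values mapped to the spelling Django expects.
# The string "None" is accepted by Django 3.1 and later; on Django 2.1
# only "Lax" and "Strict" apply.
ALLOWED = {"lax": "Lax", "strict": "Strict", "none": "None"}
DEFAULT_POLICY = "Lax"  # sane default when nothing (or nonsense) is configured


def session_cookie_settings(conf_text):
    """Return the Django session cookie settings derived from config text."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)

    raw = parser.get("sessions", "samesite", fallback=DEFAULT_POLICY)
    policy = ALLOWED.get(raw.strip().lower())
    if policy is None:
        # Unknown value: keep an explicit policy instead of sending no
        # SameSite attribute at all, which is the problem being reported.
        policy = DEFAULT_POLICY

    secure = parser.getboolean("sessions", "secure", fallback=False)
    if policy == "None":
        # Browsers reject SameSite=None cookies that lack the Secure flag.
        secure = True

    return {
        "SESSION_COOKIE_SAMESITE": policy,
        "SESSION_COOKIE_SECURE": secure,
    }


if __name__ == "__main__":
    # In settings.py the result would be merged into the module namespace,
    # e.g. globals().update(session_cookie_settings(conf_text)).
    print(session_cookie_settings(SAMPLE_CONF))
```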