Add cookie attributes in `Web.Session.set`

[Favo02]

Hello, thanks for the incredibly useful library!

I am developing a REST API, the authorization is managed using signed cookies with the Web.Sessions module.

The set cookie function accepts as optional parameters only ?cookie_key and ?secret. I noticed that the underlying Opium.Response.add_cookie_or_replace offers a bigger API, with ?⁠expires, ?⁠same_site, ?⁠secure and ?⁠http_only parameters, which are all very useful (and important for security reasons) while building apps that uses cookies. Is there any particular reason for "hiding" them?

I ended up using directly Opium.Response.add_cookie_or_replace to set cookies and Web.Sessions.find to read them, which is inconvenient. I think that a few more optional parameters to the Web.Sessions.set function (which would be passed directly to the Opium call) would be really helpful, if needed I can create a PR.