
Refactor the `Pow.Plug.Session` logic to work independently of `Plug.Session`

Open danschultzer opened this issue 5 years ago • 0 comments

When I was building Pow I decided to use the Plug.Session module since it was what was on by default in Phoenix, and devs would be used to it. However, the only thing Pow.Plug.Session stores in the Plug session is a random session id, which is rotated and expired independently. That value could just as well be in a cookie. It has no meaning, and is safe to use.

It would be great if Pow.Plug.Session could be refactored so the meat of it was independent of Plug.Session and there could be support for just cookies too. One slight caveat with this is that e.g. LiveView integration wouldn't work with cookies, it only imports session AFAIK.

PowPersistentSession has PowPersistentSession.Plug.Cookie. It makes sense to have Pow.Plug.Cookie too. It could also be an option to Pow.Plug.Session, but doesn't really make sense given how PowPersistentSession is set up.

Edit: Another thing is that Pow.Plug.Session docs need to be updated to better reflect exactly what it uses the Plug.Session for. It's not clear.

danschultzer • Jan 08 '20 01:01