TASK: Append cookie to all same-site requests (samesite: lax)

[alexander-nitsche]

This is the default behavior of Flow and modern browsers, but browsers complain if it is not explicitly set.

This is the warning in Firefox 102:

Cookie “neos_debug” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite ---