Cookie security attributes are going to mandated by Google Chrome

[joakime]

See https://blog.chromium.org/2019/10/developers-get-ready-for-new.html

Also the feedback at #3040 (comment)

We need to have a solution for the following:

• Web Apps using the Servlet Cookie API.
• Session Cookies created by Jetty.
• Http Client Cookie usage / behaviors?

[joakime]

For Session Cookies, we need to support a configuration for the SameSite attribute.

• Not Present
• SameSite=None
• SameSite=Lax
• SameSite=Strict

[blop]

Work is being done also on the servlet-api jakartaee/servlet#175

[joakime]

Opened PR #4271