FEATURE: add support for same site cookies

Defaults to Lax, can be disabled or set to Strict.

Strict will only work if you require login and use SSO. Otherwise when clicking on links to your site you will appear logged out till you refresh the page.

lib/discourse_cookie_store.rb

@@ -10,6 +10,9 @@ class ActionDispatch::Session::DiscourseCookieStore < ActionDispatch::Session::C
       if SiteSetting.force_https
         cookie[:secure] = true
       end
+      unless SiteSetting.same_site_cookies == "Disabled"
+        cookie[:same_site] = SiteSetting.same_site_cookies
+      end
     end
     cookie_jar(request)[@key] = cookie
   end