Dan6erbond / sk-auth

Authentication library for use with SvelteKit featuring built-in OAuth providers and zero restriction customization!
MIT License
578 stars 70 forks

Allow dev to set SameSite, MaxAge, & Secure attributes on cookie #97

Open websocket98765 opened 2 years ago

websocket98765 commented 2 years ago

Relevant line in sk-auth: https://github.com/Dan6erbond/sk-auth/blob/4bf8cc9fa025df6e75505142f1aa7be67cdca139/src/auth.ts#L133

Maybe also relevant? Do JWT and cookie need to be set to the same expiration? https://github.com/Dan6erbond/sk-auth/blob/4bf8cc9fa025df6e75505142f1aa7be67cdca139/src/auth.ts#L100

websocket98765 commented 2 years ago

Possible solution would be to add something like this to the config:

```ts
cookie: {
   maxAge: 1234,              // jwtExpires and cookie probably should be set the same automatically
   sameSite: 'Strict',        // 'Lax' is the browser default if unspecified according to Mozilla link above
   secure: dev ? false : true // defaults to false; dev would use `dev ? true : false` as the value most likely.
}
```
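One way the requested options could be applied when the `Set-Cookie` value is built, added here as an example and not sk-auth's code or part of the comments above. `CookieOptions`, `buildSessionCookie`, the `session` cookie name in the test values, and the `Path=/; HttpOnly` attributes are assumptions; the function caps `Max-Age` at the JWT's remaining lifetime and rejects `SameSite=None` without `Secure`.

```typescript
// Added example: hypothetical names, not sk-auth's API.
type SameSite = "Strict" | "Lax" | "None";

interface CookieOptions {
  maxAge?: number;     // seconds; defaults to the JWT's remaining lifetime
  sameSite?: SameSite; // defaults to "Lax", the browser default when unspecified
  secure?: boolean;    // defaults to true outside dev
}

function buildSessionCookie(
  name: string,
  jwt: string,
  jwtExp: number,      // JWT `exp` claim, in seconds since the epoch
  nowSeconds: number,  // current time, in seconds since the epoch
  dev: boolean,
  opts: CookieOptions = {},
): string {
  const sameSite: SameSite = opts.sameSite ?? "Lax";
  const secure: boolean = opts.secure ?? !dev;

  // Browsers reject SameSite=None cookies that are not also Secure,
  // so fail at configuration time instead of silently losing the session.
  if (sameSite === "None" && !secure) {
    throw new Error("SameSite=None requires Secure");
  }

  // Tie the cookie lifetime to the token: a cookie that outlives its JWT
  // only delivers an expired token, so cap Max-Age at the time remaining.
  const remaining = Math.max(0, Math.floor(jwtExp - nowSeconds));
  const maxAge = Math.min(opts.maxAge ?? remaining, remaining);

  const parts: string[] = [
    `${name}=${encodeURIComponent(jwt)}`,
    "Path=/",
    "HttpOnly",
    `Max-Age=${maxAge}`,
    `SameSite=${sameSite}`,
  ];
  if (secure) parts.push("Secure");
  return parts.join("; ");
}
```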