Implement #1373: Document Relaxed `__Secure-` Cookie Prefix

[ljrk0]

Also clarifies what __Host- and prefixes in general intends to guard against, what kind of problems implementers may encounter and encourage usage together with SameSite.

---

• [x] In case of a new Cheat Sheet, you have used the Cheat Sheet template.
• [x] All the markdown files do not raise any validation policy violation, see the policy.
• [x] All the markdown files follow these format rules.
• [x] All your assets are stored in the assets folder.
• [x] All the images used are in the PNG format.
• [x] Any references to websites have been formatted as [TEXT](URL)
• [x] You verified/tested the effectiveness of your contribution (e.g., the defensive code proposed is really an effective remediation? Please verify it works!).
• [x] The CI build of your PR pass, see the build status here.

This PR covers issue #1373.

[jmanico]

These changes look solid. Can you please clean up the text a little first?

[ljrk0]

Hi @jmanico glad to do so! Is there anything specific I should clean up in the text?

[jmanico]

SameSite does more than guard against malicious actors reading cookies. Can you expand on that some? Otherwise I think this is good to go!

[ljrk0]

I've changed the first sentence as suggested @jmanico and provided more context onto what SameSite guards against as well as added a link to Session Fixation (the same link is already set at a different part in the same page) to provide additional background.

If you prefer, I can also squash the changes into one of course.

[mackowski]

@ljrk0 I changed the status of this PR from draft to ready for review. Looks good for me, very good addition.