implementation for multiple working set-cookie headers

[panva]

• moved test from koa to general
• extended test to cover special set-cookie exception
• closes #15

[dougmoscrop]

Looks great, thanks!

I notice you check if the header.toLowerCase() is 'set-cookie' -- in your experience are the headers ever not lower case? If they aren't then there seems to be a chance of headers being overwritten. This isn't relevant to your PR but I was curious about your experience.

[panva]

proprietary web server frameworks (non koa, non express, non hapi?) may choose to bypass res.setHeader and go for res._headers directly, doubt they would, but who knows.

resources:

• https://github.com/nodejs/node/blob/5de3cf099cd01c84d1809dab90c041b76aa58d8e/lib/_http_outgoing.js#L389-L412
• https://nodejs.org/dist/latest-v7.x/docs/api/http.html#http_response_setheader_name_value