elixir-plug / plug

Compose web applications with functions
https://hex.pm/packages/plug

Allow passing :sign and :encrypt keys in cookie session plug #1137

Closed yunmikun2 closed 1 year ago

yunmikun2 commented 1 year ago

We don't have a way to sign or encrypt a cookie token when working with sessions via Plug.Session and Plug.Conn.put_session/3. When we generate a cookie with the aforementioned mechanisms, we get a token that is not validated. The flags for the cookie are set correctly, but if a client has the ability to save the token (it's pretty easy if it's not a browser), these flags take no real effect, as the client can just pass the token and get permanent access.

This may be bypassed by using Plug.Conn.put_resp_cookie/4, but it's not that convenient because we have to pass the same options (like :max_age) in two places.

So, this PR enables us to pass :sign and :encrypt options from plug's options to Plug.Conn.put_resp_cookie/4 (which is called under the hood).
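The workaround the post mentions, written out as an added example (not code from this PR or from Plug itself): the token is set with Plug.Conn.put_resp_cookie/4 using `:sign`, so `:max_age` is embedded in the signed payload and enforced when the cookie is read back, rather than relying on the browser to drop it. The module name `SignedTokenPlug`, the cookie name and the token shape are assumptions; `conn.secret_key_base` must be set for signing to work.

```elixir
defmodule SignedTokenPlug do
  @moduledoc """
  Added example: issues and verifies a signed cookie token outside of
  Plug.Session. A client that stores the raw cookie cannot replay it
  after `@max_age`, because verification fails server-side.
  """
  import Plug.Conn

  # Hypothetical cookie name and lifetime (one hour).
  @cookie "_app_token"
  @max_age 60 * 60

  def init(opts), do: opts

  # Reads and verifies the cookie on every request. fetch_cookies/2 with
  # `signed:` only exposes cookies whose signature and max_age check out;
  # tampered or expired cookies are simply absent from conn.cookies.
  def call(conn, _opts) do
    conn = fetch_cookies(conn, signed: [@cookie])

    case conn.cookies do
      %{@cookie => token} -> assign(conn, :token, token)
      _ -> assign(conn, :token, nil)
    end
  end

  # Issues the token. Because `sign: true` is given, the value may be any
  # term and `max_age` is stored inside the signed payload, so the flags
  # below (HttpOnly, Secure, SameSite) are defence in depth, not the only
  # thing keeping the token from being replayed.
  def issue(conn, token) when is_map(token) do
    put_resp_cookie(conn, @cookie, token,
      sign: true,
      max_age: @max_age,
      http_only: true,
      secure: true,
      same_site: "Lax"
    )
  end

  # Revocation: clear the cookie so the client no longer presents it.
  def revoke(conn), do: delete_resp_cookie(conn, @cookie)
end
```

Note that a cookie issued with `sign: true` is not confidential; use `encrypt: true` instead when the token itself must not be readable by the client.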

josevalim commented 1 year ago

Apologies but I don't understand the root cause. Instead of a unit test that checks the options have been set, can you write a request/response test showing which behavior this change is supposed to address?

thank you

yunmikun2 commented 1 year ago

@josevalim, I updated the test cases. I hope it's clearer now what these changes are all about.

josevalim commented 1 year ago

I see, thank you. I don't think we should support this feature. The cookies set by Plug.Session are opaque and you are not supposed to directly read them elsewhere. Otherwise, we may want to change its implementation in the future and it would then become impossible without breaking user code.