Avoid cross origin forgery by using same-site cookie

[timopollmeier]

What: Only allow access to the session cookie from the same site and not for third parties. This avoids CSRF attacks like like e.g. BREACH.

For more details please take a look at http://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/

Why: This fix was missing in the main and stable branches after moving gsad from the gsa repository to its own.

How:

Checklist:

• [ ] Tests N/A
• [ ] CHANGELOG Entry N/A
• [x] Labels for ports to other branches

[bjoernricks]

Not sure how we lost this commits in stable in main :-/