feat(http): add cookie config options to control unencrypted cookie discarding

[rexpl]

I was surprised by the default Tempest behaviour of discarding any cookie it did not encrypt itself. Cookies from other legitimate services (ex: reverse proxy) would silently get discarded. Two new CookieConfig options allow developers to handle this: discardUnencryptedCookies to disable discarding entirely, and plaintextCookies to allowlist specific cookies by name.

Original behaviour is preserved, but can now be opted out (fully or partially).

[innocenzi]

Looks good, just a few minor changes

[github-actions]

Benchmark Results

Comparison of fix/discard-unencrypted-cookies against 3.x (b147cd36d5e492a6d8fd332915720a7ca573293b).

Open to see the benchmark results

No benchmark changes above ±5%.

_{Generated by phpbench against commit bd6089f}

[brendt]

Also feel free to add an entry to the docs mentioning this new config: https://github.com/tempestphp/tempest-framework/blob/3.x/docs/1-essentials/01-routing.md

I just noticed we don't mention cookies at all there. For now, you can add a section before "Session management"

## Cookie management

### Configuration

…

I'll add the rest of the docs for cookies after this is merged

[brendt]

Can you take a look at the failing tests?

[rexpl]

I'm sorry, I am not super familiar with this process. Do I need to do something else to complete this?

[innocenzi]

@rexpl just forgot to merge after my small changes. Thanks for the PR!