This PR adds support for sameSite: 'auto' option that automatically sets the SameSite cookie attribute based on connection security, similar to the existing secure: 'auto' feature.

When the connection is secure (HTTPS), SameSite is set to 'None' to enable cross-site usage, and when insecure (HTTP), it's set to 'Lax' for better security. This solves real-world scenarios like SAML authentication where the connection security isn't known at configuration time.

The implementation follows the same pattern as secure: 'auto', uses the existing issecure() function, and includes comprehensive test coverage with no breaking changes.

Fixes #1081