SpringBoot Configure SameSite attribute on session Cookies for Spring WebFlux

This issue is about configuring the SameSite attribute in a consistent way for session cookies in Spring WebFlux.

Here's a link explaining the basics about SameSite Cookie attribute: https://web.dev/samesite-cookies-explained/

Google Chrome and other browsers are about to enforce new security policies for SameSite attributes in Cookies. See: * Chromium timeline for SameSite updates: https://www.chromium.org/updates/same-site * Initial announcement: https://blog.chromium.org/2019/10/developers-get-ready-for-new.html * Rollout is delayed: https://blog.chromium.org/2020/04/temporarily-rolling-back-samesite.html

As explained by Rossen here, Spring WebFlux is managing its own Cookie abstraction and supports the SameSite attribute already - throught a custom serializer or native support of the Web Server.

Spring Boot could provide configuration properties to change the SameSite attribute for session cookies.

See #15047 for more information, in the context of the same improvement for Spring Session.