Don't use secure cookes on non-HTTPS deployments.

Fixes not being able to login or signup when running in production mode
on a non-HTTPS site.

config/initializers/session_store.rb

@@ -7,5 +7,5 @@ Rails.application.config.session_store(
   domain: :all,
   tld_length: 2,
   same_site: :lax,
-  secure: Rails.env.production?
+  secure: Rails.env.production? && Danbooru.config.canonical_url.match?(%r!\Ahttps://!)
 )