js: set SameSite=Lax on cookies set by Javascript.

This is the new default for most browsers nowadays. Fixes a warning in
Firefox about using SameSite=None without the Secure flag.

app/javascript/src/javascripts/cookie.js

@@ -14,7 +14,7 @@ Cookie.put = function(name, value, days) {
     expires = "expires=" + date.toGMTString() + "; ";
   }
 
-  var new_val = name + "=" + encodeURIComponent(value) + "; " + expires + "path=/";
+  var new_val = name + "=" + encodeURIComponent(value) + "; " + expires + "path=/; SameSite=Lax";
   if (document.cookie.length < (4090 - new_val.length)) {
     document.cookie = new_val;
     return true;