Add parameters to set samesite for any arbitrary cookie

[GuySartorelli]

#10335 introduces configuration to set a default samesite value for cookies, but because of BC concerns we couldn't add parameters to set a specific samesite value for any (separate) given cookie.

Acceptance criteria

• $sameSite param = '' is added as added to the following:
  • CookieJar::outputCookie()
  • Cookie::set(), Cookie_Backend::set() and CookieJar::set()
  • Cookie::forceExpiry(), Cookie_Backend::forceExpiry() and CookieJar::forceExpiry()?
  • Anywhere else it's needed
• When the default blank string param is used, fallback to the Cookie.default_samesite configuration variable
• Session::start() should pass its samesite value into this parameter instead of CookieJar checking the Session.cookie_samesite config.

PRs

Kitchen sink CI run
Note this doesn't include any fixes from silverstripe/.github#376 so some builds may be red
Compare with https://github.com/silverstripe/recipe-kitchen-sink/actions/runs/13821934870

• NEW Allow setting "samesite" attribute for individual cookies. #11632
• ENH Make static publish cookie more secure silverstripe-versioned#495
• ENH Set the SameSite attribute for hybrid session cookies silverstripe-hybridsessions#116
• ENH Add config to set samesite for fluent locale cookie tractorcow-farm/silverstripe-fluent#934
• DOC Document changes to cookie API and some default changes developer-docs#715

[emteknetnz]

@GuySartorelli Could you do an updated kitchen sink run

[GuySartorelli]

Nothing relevant changed that would affect sink but I'll do it to avoid ping pong.