Mark cookies as secure

This allows the samesite=none change in the last commit to work.

config/initializers/devise.rb

@@ -132,7 +132,9 @@
 
   # Options to be passed to the created cookie. For instance, you can set
   # :secure => true in order to force SSL only cookies.
-  # config.rememberable_options = {}
+  config.rememberable_options = {
+    secure: true
+  }
 
   # ==> Configuration for :validatable
   # Range for password length. Default is 8..128.

config/initializers/session_store.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
-Rails.application.config.session_store :cookie_store, key: '_baw_session'
+Rails.application.config.session_store :cookie_store, key: '_baw_session', secure: true