Re-implement cookie auth

[grav]

The docs say to create a resource with something like

{:access-control
            {:scheme        :cookie
             :cookie        "my-cookie-name"
             :verify (fn [cookie])}}

but that fails schema validation. Also, cookie validation is currently commented out.

This method re-implements cookie auth by looking for the cookie name in the "default" realm under :authorization -> :cookie.

Usage example:

{:access-control
                          {:scheme :cookie
                           :verify (fn [cookie]
                                     {:roles (when (= cookie "karen_wolf")
                                               #{:user})})
                           :authorization {:methods {:get :user}
                                           :cookie "brand"}}
                          :methods {:get {:produces #{"text/plain"}
                                          :response (fn [_ctx]
                                                      "I love cookies!")}}}

It does not support other realms apart from default, and it uses destructuring maybe a bit excessively ;-)

[boxxxie]

is this part of yada now? (i was able to use cookies with verify without issue)