Control Cookie Domain

[bigkevmcd]

Problem
The Cookie we set is not secure (this should be enabled by default) and does not set the request domain.

We should configure the request domain to control where the cookie is sent https://pkg.go.dev/net/http#Cookie

Solution
Allow configuring the Cookie domain.

And maybe allow disabling the Secure cookie (for test purposes).

Additional context
We don't want cookies to be sent outside of the originating domain!