feat: Add support for secure attribute of local/refresh provider cookies

[matteioo]

🔗 Linked issue

#728

❓ Type of change

• 📖 Documentation (updates to the documentation, readme or JSdoc annotations)
• 🐞 Bug fix (a non-breaking change that fixes an issue)
• 👌 Enhancement (improving an existing functionality like performance)
• ✨ New feature (a non-breaking change that adds functionality)
• 🧹 Chore (updates to the build process or auxiliary tools and libraries)
• ⚠️ Breaking change (fix or feature that would cause existing functionality to change)

📚 Description

This PR adds the possibility to optionally set the secure attribute of the local/refresh-provider cookies to true. Thus guaranteeing, that the cookie is only sent over HTTPS. I've already updated the docs to take the changes into consideration.

As this is my first contribution to a public repo like this one, I am glad for any feedback and sorry in advance if I categorized this PR and issue wrongly or forgot to add something necessary.

PS: I've also moved a command which was wrongly on a line below (explanation of the duration in minutes regarding the maxAgeInSeconds field).

📝 Checklist

• I have linked an issue or discussion.
• I have added tests (if possible).
• I have updated the documentation accordingly.

[phoenix-ru]

Hi @matteioo, thank you for your contribution. I have done both functional and code review, it all looks good to me!

[matteioo]

Hi @matteioo, thank you for your contribution. I have done both functional and code review, it all looks good to me!

Thank you very much. I'm very happy to hear that, as this is my first open source contribution to a public repository.

[matteioo]

My formatting was based on the _rawTokenCookie in the refresh provider:

https://github.com/sidebase/nuxt-auth/blob/main/src/runtime/composables/refresh/useAuthState.ts#L16-L25

If you want, I can change the formatting of the _rawTokenCookie so that it matches this updated version.