nelmio / NelmioSecurityBundle

Adds extra security-related features in your Symfony application
https://symfony.com/bundles/NelmioSecurityBundle/
MIT License

[PoC] Proactive hash algorithm upgrade path #356

Open martijnc opened 3 months ago

martijnc commented 3 months ago

The changes in #351 allow applications to configure a legacy hash algorithm to ease hash algorithm upgrades. The new algorithm is only used for new cookies; existing cookies are not updated, which requires legacy_hash_algo to be set for a prolonged time. A suggestion was made to support proactive upgrading of existing cookies automatically to shorten this timeframe.

Updating existing cookies automatically from the bundle isn't possible as it might override some properties (e.g., path, expiration date) because that information is not sent back to the server. To perform the upgrade, the application will need to provide some of this information. Creating a Cookie from just the name/value pair may extend the expiration or widen the path restriction, making it less secure. This PR explores this.

The application can provide a service(s) implementing UpgradedCookieBuilderInterface that can build a Cookie with the appropriate options from the name/value pair. This bundle handles the detection of upgradable cookies and manages the upgrade process, except for creating the actual Cookie. Adoption of this feature may be low due to the UpgradedCookieBuilderInterface requirement.
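An added example (not code from this PR or from the bundle) of what an application-side UpgradedCookieBuilderInterface service could look like: it restates the path, lifetime and flags that the browser never echoes back, and refuses to rebuild cookies it does not know about rather than guessing. The build() method name and signature, the interface namespace and the cookie table are assumptions, since the PR text does not show them.

```php
<?php
// Added example, not code from the PR or the bundle. Assumes the interface
// exposes build(string $name, string $value): ?Cookie; the real signature
// and namespace in the PR may differ.

declare(strict_types=1);

namespace App\Security;

use Nelmio\SecurityBundle\Signer\UpgradedCookieBuilderInterface; // assumed namespace
use Symfony\Component\HttpFoundation\Cookie;

final class AppCookieBuilder implements UpgradedCookieBuilderInterface
{
    /**
     * Attributes the application knows for each signed cookie. The browser
     * only sends name=value back, so path, lifetime and flags must come from
     * here. Values are constructed for this example.
     */
    private const COOKIE_OPTIONS = [
        'remember_me' => ['path' => '/account', 'ttl' => 1209600, 'same_site' => Cookie::SAMESITE_STRICT],
        'prefs'       => ['path' => '/',        'ttl' => 0,       'same_site' => Cookie::SAMESITE_LAX],
    ];

    public function build(string $name, string $value): ?Cookie
    {
        // Unknown cookie: returning null leaves it on the legacy algorithm
        // instead of re-issuing it with a wider path or longer lifetime.
        if (!isset(self::COOKIE_OPTIONS[$name])) {
            return null;
        }
        $opts = self::COOKIE_OPTIONS[$name];

        // ttl 0 keeps a session cookie a session cookie. For persistent
        // cookies the remaining lifetime is unknown (not sent by the browser),
        // so the original ttl is the upper bound we can honour.
        $expire = $opts['ttl'] > 0 ? time() + $opts['ttl'] : 0;

        // Explicit path, Secure and HttpOnly, rather than relying on defaults.
        return Cookie::create(
            $name, $value, $expire, $opts['path'], null, true, true, false, $opts['same_site']
        );
    }
}
```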

Seldaek commented 3 months ago

Updating existing cookies automatically from the bundle isn't possible as it might override some properties (e.g., path, expiration date) because that information is not sent back to the server. To perform the upgrade, the application will need to provide some of this information. Creating a Cookie from just the name/value pair may extend the expiration or widen the path restriction, making it less secure. This PR explores this.

Oh good point 👍🏻 I definitely hadn't fully thought out that process. I'll look at this PR later but thanks already.