OAuth2: Add samesite attribute support for all OAuth2 supported cookie types #37917
Closed

CI (Envoy) / Mobile/ASAN skipped Jan 9, 2025 in 0s

Check was skipped

This check was not triggered in this CI run

Request (pr/37917/main@8ac753f)

Yueren-Wang @Yueren-Wang 8ac753f #37917 merge main@a0c96b3

Commit Message: OAuth2: Add samesite attribute support for all OAuth2 supported cookie types

Additional Description: The SameSite attribute offers three values to control whether cookies are shared within the same site or across different sites. It's an optional setting, with a "Disabled" option that omits the SameSite attribute altogether. By default, this setting is disabled to ensure no changes are made to existing deployments, but operators now have the option to enable SameSite. The six cookies supporting SameSite attribute are:

  1. bearer_token_cookie
  2. hmac_cookie
  3. expires_cookie
  4. id_token_cookie
  5. refresh_token_cookie
  6. nonce_cookie

The SameSite attribute values allowed are:

  1. Strict
  2. Lax
  3. None
  4. Disabled (Default, if no value is set in config)

The operator can also optionally not specify any SameSite attribute for a cookie. This will result in the DISABLED value being set for all cookies' SameSite attribute values. In this case no SameSite attribute will be returned by the filter.

The operator can also choose a different SameSite attribute to be configured for different cookies. This means the SameSite attributes for the different cookies listed above can be different. Also, the operator can optionally specify the SameSite attribute for some cookies but omit it for others. It is not mandatory to specify SameSite explicitly for all cookies.

Risk Level: Medium
Testing: unit
Docs Changes: proto is documented
Release Notes: changelog entry pending, adding in next iteration
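The following is an added example, not code from this PR or from Envoy: it renders Set-Cookie headers for the six OAuth2 cookies named in the commit message under a per-cookie SameSite policy (with Disabled, the default, omitting the attribute entirely) and then audits a response's Set-Cookie headers the way an operator would when checking what the filter actually emits. The cookie names come from the commit message; the policy mapping, helper names and sample headers are this example's own assumptions.

```python
"""Render and audit Set-Cookie headers for the OAuth2 cookies listed in the PR.

Constructed example, not Envoy's code. Cookie names follow the commit message;
the policy dict shape and helper names are assumptions made for this example.
"""
from typing import Dict, List, Optional, Tuple

# Cookie names taken from the commit message above.
OAUTH2_COOKIES = ("bearer_token_cookie", "hmac_cookie", "expires_cookie",
                  "id_token_cookie", "refresh_token_cookie", "nonce_cookie")
# Allowed per-cookie settings; "Disabled" means the attribute is omitted entirely.
ALLOWED_SAME_SITE = ("Strict", "Lax", "None", "Disabled")


def build_set_cookie(name: str, value: str, same_site: str = "Disabled",
                     secure: bool = True, http_only: bool = True,
                     path: str = "/") -> str:
    """Render one Set-Cookie header value.

    same_site="Disabled" (the default, matching the PR's default) emits no
    SameSite attribute at all, so existing deployments see no change.
    """
    if same_site not in ALLOWED_SAME_SITE:
        raise ValueError(f"unsupported SameSite setting: {same_site!r}")
    parts = [f"{name}={value}", f"Path={path}"]
    if http_only:
        parts.append("HttpOnly")
    if secure:
        parts.append("Secure")
    if same_site != "Disabled":
        parts.append(f"SameSite={same_site}")
    return "; ".join(parts)


def render_oauth2_cookies(values: Dict[str, str],
                          policy: Dict[str, str]) -> List[str]:
    """Render every cookie in `values`; cookies absent from `policy` fall back
    to Disabled, mirroring "specify SameSite for some cookies but omit others"."""
    return [build_set_cookie(n, v, policy.get(n, "Disabled"))
            for n, v in values.items()]


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, Optional[str]]]:
    """Split a Set-Cookie header into (cookie name, {attribute: value}).
    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to None."""
    name_value, *attrs = header.split(";")
    name = name_value.split("=", 1)[0].strip()
    parsed: Dict[str, Optional[str]] = {}
    for attr in attrs:
        key, sep, val = attr.strip().partition("=")
        parsed[key.lower()] = val.strip() if sep else None
    return name, parsed


def audit(headers: List[str]) -> Tuple[Dict[str, Optional[str]], List[str]]:
    """Operator-side check over a response's Set-Cookie headers.

    Returns the effective SameSite value per OAuth2 cookie (None when the
    attribute is absent, i.e. the Disabled setting) plus a list of findings:
    an absent attribute leaves the decision to the browser's default, and
    SameSite=None without Secure is rejected by current browsers.
    """
    effective: Dict[str, Optional[str]] = {}
    findings: List[str] = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name not in OAUTH2_COOKIES:
            continue  # not one of the filter's cookies; ignore
        same_site = attrs.get("samesite")
        effective[name] = same_site
        if same_site is None:
            findings.append(f"{name}: no SameSite attribute (Disabled); "
                            "browser default applies")
        elif same_site.lower() == "none" and "secure" not in attrs:
            findings.append(f"{name}: SameSite=None requires the Secure attribute")
    return effective, findings


if __name__ == "__main__":
    # Constructed sample: two cookies rendered under a partial policy.
    sample = render_oauth2_cookies(
        {"bearer_token_cookie": "tok", "nonce_cookie": "n1"},
        {"bearer_token_cookie": "Strict"})
    for line in sample:
        print("Set-Cookie:", line)
    print(audit(sample))
```

Running the block prints the rendered headers and the audit result; the audit only reports on the six cookie names from the commit message, so unrelated cookies in the same response do not produce findings.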

Environment

Request variables

ref: 9c5770a
sha: 8ac753f
pr: 37917
base-sha: a0c96b3
actor: Yueren-Wang @Yueren-Wang
message: OAuth2: Add samesite attribute support for all OAuth2 supported cookie types...
started: 1736463266.478551
target-branch: main
trusted: false

Build image

Container image/s (as used in this CI run)

default: envoyproxy/envoy-build-ubuntu:d2be0c198feda0c607fa33209da01bf737ef373f
mobile: envoyproxy/envoy-build-ubuntu:mobile-d2be0c198feda0c607fa33209da01bf737ef373f

Version

Envoy version (as used in this CI run)

major: 1
minor: 33
patch: 0
dev: true