By default, all frontend cookies have been set to insecure, even when
HTTPS is enabled. This has tripped off some security scanners. While
most of these cookies probably contain a single user preference and do
not contain any personally-identifiable information, we should err on
the side of caution and enable the Secure attribute if an encrypted
channel is available.

We now centralize all the application logic for cookie setting to the
`setCookie` `getCookie` methods in `common_utils.js`.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/24040

Changelog: security