Secure cookies

[dinever]

Currently Golf stores cookies explicitly. Let's create a secure cookie method Context.SecureCookie & Context.SetSecureCookie to allow encrypting the cookies using a symmetric key.

Before using the secure cookie, the user should set a secret_token, which will be used as the symmetric encryption key in the app configuration.

[chloexu]

We can refer to Tornado's implementation:

https://github.com/tornadoweb/tornado/blob/b6998247702a960f0c73004a6b5f8ae775607c03/tornado/web.py#L570