v3.1.0 Adding secure cookie support

@oreoshake oreoshake released this 28 Mar 20:18

New feature: marking all cookies as secure. Added by @jmera in #231. In the future, we'll probably add the ability to whitelist individual cookies that should not be marked secure. PRs welcome.
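As an added illustration of what marking all cookies as secure means at the response level (this is not code from secure_headers; the class, constant and helper names are hypothetical), this Rack-style middleware appends the `Secure` attribute to every `Set-Cookie` line that lacks it, without being fooled by the word "secure" inside a cookie value:

```ruby
# Added illustration: Rack-style middleware that marks every cookie Secure.
# MarkCookiesSecure and SECURE_ATTR are hypothetical names, not the gem's API.
class MarkCookiesSecure
  # Matches a standalone Secure attribute, not "secure" inside a name or value.
  SECURE_ATTR = /;\s*secure\s*(;|\z)/i

  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    [status, flag(headers), body]
  end

  # Returns a copy of the headers with every Set-Cookie line flagged.
  def flag(headers)
    raw = headers["Set-Cookie"]
    return headers if raw.nil?
    # Multiple cookies arrive either "\n"-joined in one string or as an array.
    lines = raw.is_a?(Array) ? raw : raw.split("\n")
    flagged = lines.map do |cookie|
      cookie =~ SECURE_ATTR ? cookie : "#{cookie.sub(/;\s*\z/, '')}; secure"
    end
    headers.merge("Set-Cookie" => raw.is_a?(Array) ? flagged : flagged.join("\n"))
  end
end

# Constructed sample response: one plain cookie, one whose value is the
# word "secure", and one that already carries the attribute.
SAMPLE_APP = lambda do |_env|
  cookies = "sid=abc; path=/; HttpOnly\nmode=secure\ncsrf=x; Secure"
  [200, { "Set-Cookie" => cookies }, ["ok"]]
end

def flagged_cookies
  _status, headers, _body = MarkCookiesSecure.new(SAMPLE_APP).call({})
  headers["Set-Cookie"].split("\n")
end

puts flagged_cookies
```

A cookie flagged this way is never sent by the browser over plain HTTP, which is why cookies that must remain readable on non-TLS endpoints would need the per-cookie exemption mentioned above.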

Internal refactoring: In #232, we changed the way dynamic CSP is handled internally. The biggest benefit is that highly dynamic policies (which can happen with multiple append/override calls per request) are handled better:

  1. Only the CSP header cache is busted when using a dynamic policy. All other headers are preserved and don't need to be generated. Dynamic X-Frame-Options changes modify the cache directly.
  2. Idempotency checks for policy modifications are deferred until the end of the request lifecycle and only happen once, instead of per append/override call. The idempotency check itself is fairly expensive.
  3. The CSP header string is produced at most once per request.