Add support for optional 'SameSite' cookie attribute

As described in the definition document by the ietf:
https://tools.ietf.org/html/draft-west-first-party-cookies-07

"The 'SameSite' attribute allows servers to assert that a cookie
ought not to be sent along with cross-site requests. This assertion
allows user agents to mitigate the risk of cross-origin information
leakage, and provides some protection against cross-site request
forgery attacks."

src/ZPublisher/HTTPResponse.py

@@ -642,6 +642,8 @@ class HTTPBaseResponse(BaseResponse):
                 # and block read/write access via JavaScript
                 elif name == 'http_only' and v:
                     cookie = '%s; HTTPOnly' % cookie
+                elif name == 'same_site' and v:
+                    cookie = '%s; SameSite=%s' % (cookie, v)
             cookie_list.append(('Set-Cookie', cookie))
 
         # Should really check size of cookies here!

src/ZPublisher/tests/testHTTPResponse.py

@@ -321,6 +321,19 @@ class HTTPResponseTests(unittest.TestCase):
         self.assertEqual(len(cookie_list), 1)
         self.assertEqual(cookie_list[0], ('Set-Cookie', 'foo="bar"'))
 
+    def test_setCookie_w_same_site(self):
+        response = self._makeOne()
+        response.setCookie('foo', 'bar', same_site='Strict')
+        cookie = response.cookies.get('foo', None)
+        self.assertEqual(len(cookie), 3)
+        self.assertEqual(cookie.get('value'), 'bar')
+        self.assertEqual(cookie.get('same_site'), 'Strict')
+        self.assertEqual(cookie.get('quoted'), True)
+        cookies = response._cookie_list()
+        self.assertEqual(len(cookies), 1)
+        self.assertEqual(cookies[0],
+                         ('Set-Cookie', 'foo="bar"; SameSite=Strict'))
+
     def test_setCookie_unquoted(self):
         response = self._makeOne()
         response.setCookie('foo', 'bar', quoted=False)