Default cookie setter in OAuth is not setting samesite = None

[Kudze]

Issue summary

The samesite parameter is being ommited from setcookie function in OAuth2 process: https://github.com/Shopify/shopify-api-php/blob/main/src/Auth/OAuth.php#L351, causing the default Lax mode to be selected.

This causes "Perform Token Exchange" step in https://shopify.dev/docs/apps/build/authentication-authorization/session-tokens#request-flow-using-a-session-token to fail when embedded page is loaded through an iframe (for example from Shopify admin panel), because the cookies will not be saved.

Expected behavior

The cookies should be set and OAuth should succeed in Shopify admin panel.

Actual behavior

The cookies are not set and OAuth fails in Shopify admin panel.

Steps to reproduce the problem

1. Implement minimal application implementing Shopify's OAuth2 authentication (online mode = true), using this library, with default cookie setter.
2. Install application into any Shopify store.
3. Delete the initial customer's session. (Simulating different admin user or expired session).
4. Try to perform "Token Exchange" from Shopify admin panel.

Reduced test case

---

Checklist

• I have described this issue in a way that is actionable (if possible)
• I have created a merge request fixing this issue.