
SameSite=None is not compatible with older browsers

We set SameSite=None in GitLab 12.10 via !28205 (merged) because Chrome v80, rolled out in March 2020, treats any cookies without the SameSite directive set as though they are SameSite=Lax (https://www.chromestatus.com/feature/5088147346030592). This is a breaking change from the previous default behavior, which was to treat those cookies as SameSite=None.

However, older browsers (e.g. Safari 13.0.3) may interpret None as Strict, which forces users who click gitlab.com links from third-party sites (e.g. Gmail, Slack) to log in again.

https://www.chromium.org/updates/same-site/incompatible-clients recommends a set of regular expressions for detecting clients that mishandle SameSite=None, so the attribute can be withheld for them. We should consider adding this logic in lib/gitlab/middleware/same_site_cookies.rb, possibly using the browser gem.
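To make the proposal concrete, the following is an added example, not GitLab's own lib/gitlab/middleware/same_site_cookies.rb and not from the browser gem: a Rack-style middleware that appends SameSite=None (with the Secure flag it requires) to Set-Cookie headers only for clients that are not on the Chromium incompatible-client list. The regular expressions are transcribed from the Chromium guidance linked above; the class, method and constant names, the sample cookie and the sample User-Agent strings are assumptions constructed for this example.

```ruby
# Added example (not GitLab's middleware): decide per request whether
# SameSite=None is safe to send, using the Chromium incompatible-client
# regexes from https://www.chromium.org/updates/same-site/incompatible-clients.
module SameSiteNoneCompat
  IOS_VERSION      = %r{\(iP.+; CPU .*OS (\d+)[_\d]*.*\) AppleWebKit/}
  MACOS_VERSION    = %r{\(Macintosh;.*Mac OS X (\d+)_(\d+)[_\d]*.*\) AppleWebKit/}
  SAFARI           = %r{Version/.* Safari/}
  MAC_EMBEDDED     = %r{\AMozilla/[.\d]+ \(Macintosh;.*Mac OS X [_\d]+\) AppleWebKit/[.\d]+ \(KHTML, like Gecko\)\z}
  CHROMIUM         = /Chrom(e|ium)/
  CHROMIUM_VERSION = %r{Chrom[^ /]+/(\d+)[.\d]* }
  UC_BROWSER       = %r{UCBrowser/}
  UC_VERSION       = %r{UCBrowser/(\d+)\.(\d+)\.(\d+)[.\d]* }

  module_function

  # Known-bad clients: WebKit on iOS 12 / macOS 10.14 treats None as Strict;
  # Chrome 51-66 and UC Browser < 12.13.2 drop cookies with an unknown value.
  def incompatible?(ua)
    ua = ua.to_s
    webkit_same_site_bug?(ua) || drops_unrecognized_same_site?(ua)
  end

  def webkit_same_site_bug?(ua)
    ios_version?(ua, 12) ||
      (macos_version?(ua, 10, 14) && (safari?(ua) || ua.match?(MAC_EMBEDDED)))
  end

  def drops_unrecognized_same_site?(ua)
    return !uc_browser_at_least?(ua, 12, 13, 2) if ua.match?(UC_BROWSER)

    ua.match?(CHROMIUM) && chromium_at_least?(ua, 51) && !chromium_at_least?(ua, 67)
  end

  def ios_version?(ua, major)
    m = IOS_VERSION.match(ua)
    !m.nil? && m[1].to_i == major
  end

  def macos_version?(ua, major, minor)
    m = MACOS_VERSION.match(ua)
    !m.nil? && m[1].to_i == major && m[2].to_i == minor
  end

  # Chromium-based browsers also carry "Safari/" in their UA, so exclude them.
  def safari?(ua)
    ua.match?(SAFARI) && !ua.match?(CHROMIUM)
  end

  def chromium_at_least?(ua, major)
    m = CHROMIUM_VERSION.match(ua)
    !m.nil? && m[1].to_i >= major
  end

  def uc_browser_at_least?(ua, major, minor, build)
    m = UC_VERSION.match(ua)
    !m.nil? && ([m[1].to_i, m[2].to_i, m[3].to_i] <=> [major, minor, build]) >= 0
  end

  # Add SameSite=None plus the Secure flag it requires, unless the cookie
  # already declares its own SameSite value.
  def with_same_site_none(cookie)
    return cookie if cookie.match?(/;\s*SameSite=/i)

    cookie += '; Secure' unless cookie.match?(/;\s*Secure\b/i)
    "#{cookie}; SameSite=None"
  end
end

# Rack middleware: rewrite Set-Cookie for compatible clients only. Incompatible
# clients get the cookie without a SameSite attribute, which they treat as None.
class SameSiteNoneMiddleware
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    raw = headers['Set-Cookie']
    if raw && !SameSiteNoneCompat.incompatible?(env['HTTP_USER_AGENT'])
      list = raw.is_a?(Array) ? raw : raw.split("\n") # Rack 2 joins cookies with "\n"
      rewritten = list.map { |c| SameSiteNoneCompat.with_same_site_none(c) }
      headers['Set-Cookie'] = raw.is_a?(Array) ? rewritten : rewritten.join("\n")
    end
    [status, headers, body]
  end
end

# Constructed sample User-Agent strings (assumptions, not captured traffic).
SAMPLE_UAS = {
  ios12_safari:   'Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1',
  macos14_safari: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Safari/605.1.15',
  macos15_safari: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Safari/605.1.15',
  chrome60:       'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36',
  chrome80:       'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36',
  uc_old:         'Mozilla/5.0 (Linux; U; Android 9; en-US) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.108 UCBrowser/12.12.0.1187 Mobile Safari/537.36'
}.freeze

# Runs one request per sample UA and reports whether SameSite=None was sent.
def same_site_none_sent
  app = ->(_env) { [200, { 'Set-Cookie' => '_gitlab_session=abc; path=/; HttpOnly' }, ['ok']] }
  mw = SameSiteNoneMiddleware.new(app)
  SAMPLE_UAS.transform_values do |ua|
    _status, headers, _body = mw.call('HTTP_USER_AGENT' => ua)
    headers['Set-Cookie'].include?('SameSite=None')
  end
end

puts same_site_none_sent if $PROGRAM_NAME == __FILE__
```

With these samples the middleware withholds the attribute for iOS 12 Safari, Safari on macOS 10.14, Chrome 60 and UC Browser 12.12, and sends `Secure; SameSite=None` for Safari on macOS 10.15 and Chrome 80. The UC Browser check runs before the Chromium version check because UC Browser's UA also carries a `Chrome/` token that would otherwise be misclassified.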

Edited by Stan Hu