https://www.chromestatus.com/feature/5633521622188032
Starting in Chrome 80, any cookie with SameSite=None must also have a Secure flag set, or the cookie will be rejected. It appears they're already feature testing it, because they're already rejecting it for me.
This affects the experiments page, which sets the AMP_CANARY cookie with SameSite=None.
/cc @sparhami
Chrome 80 won't hit stable until Feb so this could be a nice starter bug for Jake.
/to @samouri
Hi friends!
Unrelated to Secure but related to this topic: SameSite=None is treated as SameSite=Strict on iOS 12 and a bunch of other incompatible browsers. So Canary opt-in might be broken on iOS 12 if you are not UA sniffing already (I did a quick test and it did seem broken on iOS 12).
The list of incompatible browsers is here: https://www.chromium.org/updates/same-site/incompatible-clients
Since this is only used for the canary page, we decided to leave this as broken for iOS 12. Context is here: https://github.com/ampproject/amphtml/pull/24670#discussion_r327353930
The problem is the platform check requires pulling the experiments logic into the canary page script, which doesn't load v0.js, but rather a subset of the JS as a separate binary. I changed the canary page to load v0.js, but that approach was not favored. Since changing this was non-trivial, we decided to skip the platform check as the affected population isn't large.
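
The two behaviours discussed in this thread, as an added example that is not part of the thread or the AMP code base: a check for the SameSite=None-without-Secure case that Chrome 80 rejects, and a cookie builder that omits SameSite for iOS 12. The function names, the cookie value and the sample user agents are constructed, and the UA pattern covers only iOS 12, not the rest of the incompatible-clients list.

```javascript
// Added example; all names below are hypothetical, not AMP's API.
// Constructed sample user agents.
const UA_IOS_12 = 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) ' +
    'AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Mobile/15E148 Safari/604.1';
const UA_IOS_13 = 'Mozilla/5.0 (iPhone; CPU iPhone OS 13_3 like Mac OS X) ' +
    'AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.4 Mobile/15E148 Safari/604.1';
const UA_CHROME_80 = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) ' +
    'AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36';

// Captures the iOS major version; every browser on iOS runs on WebKit.
const IOS_VERSION_RE = /\(iP.+; CPU .*OS (\d+)[_\d]*.*\) AppleWebKit\//;

// True for iOS 12, which treats SameSite=None as SameSite=Strict.
function treatsNoneAsStrict(userAgent) {
  const match = IOS_VERSION_RE.exec(userAgent);
  return match !== null && match[1] === '12';
}

// Parse the attributes of a cookie string into a map with lower-cased
// names and values. The first segment (name=value) is skipped.
function parseAttributes(cookieString) {
  const attrs = new Map();
  for (const part of cookieString.split(';').slice(1)) {
    const [name, ...rest] = part.trim().split('=');
    if (name) attrs.set(name.toLowerCase(), rest.join('=').toLowerCase());
  }
  return attrs;
}

// True when the cookie declares SameSite=None without Secure, the
// combination Chrome 80 rejects.
function rejectedForMissingSecure(cookieString) {
  const attrs = parseAttributes(cookieString);
  return attrs.get('samesite') === 'none' && !attrs.has('secure');
}

// Build the AMP_CANARY cookie string. Secure is always set; SameSite is
// left out for clients that would read None as Strict.
function buildCanaryCookie(value, userAgent) {
  const parts = [`AMP_CANARY=${encodeURIComponent(value)}`, 'path=/', 'Secure'];
  if (!treatsNoneAsStrict(userAgent)) parts.push('SameSite=None');
  return parts.join('; ');
}
```

Because Secure is always set, the resulting cookie is only accepted when the page is served over HTTPS.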