Onion service related changes to HTTPS handling (#15560)

* Enable secure cookie flag for https only

* Disable force_ssl for .onion hosts only

Co-authored-by: Aiden McClelland <me@drbonez.dev>

config/initializers/session_store.rb

@@ -2,6 +2,5 @@
 
 Rails.application.config.session_store :cookie_store, {
   key: '_mastodon_session',
-  secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
   same_site: :lax,
 }