
@karstenda

This pull request adds support for using cookies in the authentication hooks when opening new WebSocket connections.

Currently, WebSocket authentication is only possible by passing an auth token in the JoinRequest message. While this approach is functional, it is less secure and less flexible than cookie-based authentication.

Cookies can be configured as HTTPS-only and inaccessible to page JavaScript, which helps protect authentication credentials from being exposed to potential XSS vulnerabilities. In contrast, an auth token included in the JoinRequest must be available to application-level JavaScript, making it inherently more vulnerable.

In addition to improved security, cookie-based authentication allows loro-protocol connections to integrate more seamlessly with existing authentication mechanisms that already rely on cookies, reducing duplication and simplifying overall auth logic.

This pull request introduces the following changes:

  • Rust: Cookies are now parsed and passed to the existing HandshakeAuthFn, which is executed during the WebSocket upgrade process.
  • Rust: A new test file, handshake_cookies.rs, has been added to validate cookie handling.
  • JavaScript: A new handshakeAuth hook is introduced in the simple server configuration and is executed during the WebSocket upgrade. This closely mirrors the HandshakeAuthFn used on the Rust server. The main difference is that the full IncomingMessage object is passed to the function to allow for greater flexibility and future extensibility.
  • JavaScript: A new test, handshake-auth.test.ts, has been added to verify the handshakeAuth hook and cookie support.
