I have added the SameSite enum to ResponseCookie while ensuring that the existing string-based handling is still supported.

The reason for adding the enum is to enhance type safety. Additionally, if a value that is not provided is entered, it will default to Lax as per the specification (https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#name-the-samesite-attribute).

I would appreciate it if you could review the PR!

Comment From: bclozel

Thanks for the proposal, but we're going to decline this PR. Promoting this to an enum doesn't bring much, as SameSite can accept any value (and the actual resulting behavior depends on the browser configuration). Exposing this in our public API would require deprecating the String variant and would create some edge cases like builder.sameSite(null).

We might revisit this in the future if the SameSite spec evolves and requires more elaborate parsing or features on the server side.

Thanks for your contribution!