Set secure flag for non-session cookies

This adds the secure flag to all cookies that are set
in the frontend for storing various settings.
If `SameSite=none` is set (like when embedding the instance is allowed),
 the `secure` flag is necessary to set any cookie.

Signed-off-by: David Mehren <git@herrmehren.de>

public/js/index.js

@@ -2098,7 +2098,8 @@ function toggleNightMode () {
   } else {
     Cookies.set('nightMode', !isActive, {
       expires: 365,
-      sameSite: window.cookiePolicy
+      sameSite: window.cookiePolicy,
+      secure: window.location.protocol === 'https:'
     })
   }
 }