Reduce duplication when configuring cookie options

[JunTaoLuo]

As per discussion in aspnet/Antiforgery#141. We should use the Action<..., CookieOptions> pattern on each components' options to configure the cookie options instead of duplicating them. Need to look through our code base for where we configure cookie options and update them where necessary.

[Tratcher]

Review:

• Security
• Session
• MVC - CookieTempDataProvider
• Localization
• Rewrite

[Tratcher]

@muratg these would be breaking changes that should be considered for RTM

[HaoK]

Alternatively, you could consider using IOptionsSnapshot<CookieOptions> and using named options for each cookie assuming cookie.Name is unique. Then configuring a cookie would be the normal services.Configure<CookieOptions>(cookieName, o => { }) That seems like a reasonable alternative to a mini options pattern for these...

[muratg]

cc @javiercn

[javiercn]

We went with the Action<HttpContext,CookieOptions> approach in the OpenIdConnect/RemoteAuthentication options as needed for aspnet/Security#1262.

The twitter middleware is the last one that requires this on the security repo as far as I know. We shouldn't do this for the cookie policy middleware IMO as it would broaden the scope of the middleware and would require more design, and its something that can be revisited on 2.1

[muratg]

cc @Eilon, @danroth27, @DamianEdwards do we want this in 2.0.0 (and obsolete the existing Options?) Or we can do it in 2.1, but then we can't obsolete them until 3.0.