Add cookie support

[jkmassel]

What?

Adds the ability to set cookies that'll be used by the editor.

Why?

Ref CMM-235. Close CMM-450. This will make it easy to support private sites for WP.com where the assets require authentication.

How?

Properly routes cookies to where they need to go.

At the moment, there's nothing fancy here – the developer has to know how to properly construct the cookie. We can make this more ergonomic later, if we want.

Testing Instructions

For iOS:

1. Update ContentView.swift's init method to read:

    init(configuration: EditorConfiguration = .default) {
        var mutableCopy = configuration
        let cookie = HTTPCookie(properties: [
            .domain: "wpmobilep2.wordpress.com",
            .path: "/",
            .name: "wordpress_logged_in",
            .value: "[redacted]",
            .secure: true,
        ])!
        mutableCopy.cookies.append(cookie)
        self.configuration = mutableCopy
    }

2. Replace [redacted] with the value of the cookie sent when requesting
   https://wpmobilep2.wordpress.com/wp-content/uploads/2025/05/screenshot-2025-05-20-at-3.35.11e280afpm.jpeg from your browser.
3. Run the demo app and insert the image listed above.
4. It should show up.
5. Comment out the cookie injection, try again, note it doesn't work.

For Android:

1. Update MainActivity's setCookies call to:

            .setCookies(mapOf(
                "https://wpmobilep2.wordpress.com" to "wordpress_logged_in=[redacted]; domain=wpmobilep2.wordpress.com; SameSite=None; Secure; HttpOnly"
            ))

2. Replace [redacted] with the value of the cookie sent when requesting
   https://wpmobilep2.wordpress.com/wp-content/uploads/2025/05/screenshot-2025-05-20-at-3.35.11e280afpm.jpeg from your browser.
3. Run the demo app and insert the image listed above.
4. It should show up.
5. Comment out the cookie injection, try again, note it doesn't work.

[dcalhoun]

The simplicity of the cookie approach feels so much more sound than a proxy. Nicely done.

I performed the testing instructions with private image, video, and audio files. All functioned as expected on both iOS and Android.

The one media that failed was VideoPress URLs. First, it appears VideoPress relies upon a URL token parameter for authentication and the cookie has no impact. Second, the editor seemed to fail handling 206 responses when token authentication succeeded. That said, neither of these seem related to the proposed cookie authentication.

[dcalhoun]

Noting this replaces #30 and supersedes #33, which can be removed and closed respectively.

Also, we can close wordpress-mobile/WordPress-Android#21331 as its approach is no longer applicable.

We will need to implement appropriate cookie configuration in WP-iOS and WP-Android after merging this work.

[jkmassel]

@dcalhoun I'll leave this to you to merge given the breaking changes.