Class HybridSessionStore_Cookie

A session store which stores the session data in an encrypted & signed cookie.

This way the server doesn't need to open a database connection or have a shared filesystem for reading
the session from - the client passes through the session with every request.

This approach does have some limitations - cookies can only be quite small (4K total, but we limit to 1K)
and can only be set _before_ the server starts sending a response.

So we clear the cookie on Session startup (which should always be before the headers get sent), but just
fail on Session write if we can't use cookies, assuming there's something watching for that & providing a fallback