This PR fixes cross-domain cookie handling and improves domain rebinding functionality for HTTP targets.

1. Cross-Domain Cookie Support

• Session cookies now work across subdomains of the configured base host (e.g., warpgate.example.com and foo.warpgate.example.com)
• Cookies are automatically scoped to the base domain with appropriate Secure and SameSite=None attributes for HTTPS
• Added validation to ensure session cookies only work for the base host and its subdomains, providing security boundaries

2. Domain Rebinding Improvements

• When HTTP targets have external_host configured, visiting that domain automatically routes to the bound target
• Domain rebinding now takes priority over target selection for authenticated users
• Improved host header detection to work reliably behind proxies

UI Fixes

• Fixed embedded UI "Home" button to redirect to warpgate home instead of bound domain home (Otherwise it gets confusing for users if you access a resource on a non-matching bound domain)
• Home button now uses the configured external_host to ensure correct navigation