feat: add configurable session cache to cookie_session authenticator

[wewelll]

This pull request adds a configurable session cache to the cookie_session authenticator, reducing load on session stores and preventing rate limit errors during high traffic periods. The implementation aligns with the existing cache patterns used in oauth2_introspection and oauth2_client_credentials authenticators.

Key Features

• Configurable cache with enabled, ttl, and max_cost settings
• Backward compatible - cache is disabled by default
• Rate limit handling - proper 429 error handling and retry guidance
• Consistent implementation - follows the same patterns as OAuth2 authenticators
• Comprehensive tests - separate cache test file following established patterns

Configuration Example

authenticators:
  cookie_session:
    enabled: true
    config:
      check_session_url: https://session-store/sessions/whoami
      cache:
        enabled: true
        ttl: 1s
        max_cost: 10000000

Benefits

• Reduces session store load - Caches session data to minimize repeated requests
• Prevents rate limiting - Avoids 429 errors during traffic bursts
• Improves performance - Faster authentication for cached sessions
• Production ready - Default TTL of 1s balances caching benefits with data freshness

Related issue(s)

Fixes #1167
Completes #1232

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got the approval (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

This PR completes the work started in #1232 by adding cache support to the cookie_session authenticator. The implementation follows the exact same patterns as the OAuth2 authenticators to ensure consistency across the codebase:

• Cache key generation based on all cookies in the request
• Separate cache test file (authenticator_cookie_session_cache_test.go)
• Same configuration schema structure
• Identical error handling patterns

The default TTL was set to 1 second (instead of 60s) to balance the benefits of caching with the need for fresh session data in most use cases. Users can configure longer TTLs based on their specific requirements.

[finsterwalder]

What is still needed for this to be merged? @aeneasr