[Cookies] Support signed cookies

Description

Currently, Rage supports encrypted cookies via cookies.encrypted, which uses libsodium under the hood to both encrypt and authenticate cookie values. However, there is no support for signed cookies - cookies that are authenticated (tamper-proof) but not encrypted (the value is readable).

Signed cookies are useful when you want to ensure a cookie hasn't been tampered with, but the value itself doesn't need to be secret. This is a common pattern in Rails via cookies.signed.

The goal of this issue is to expose a cookies.signed API that uses libsodium's message authentication to sign and verify cookie values without encrypting them.

For example:

# Setting a signed cookie
cookies.signed[:user_id] = 123

# Reading a signed cookie (returns nil if tampered with)
cookies.signed[:user_id] # => 123

Tips

• Look at how cookies.encrypted is currently implemented in the codebase - the signed cookie implementation will follow a similar pattern but use authentication (signing) instead of encryption.
• Libsodium provides message authentication primitives that can be used for signing. Look into the rbnacl docs.
• Check the architecture doc that shows how Rage's core components interact with each other and outlines the design principles.
• Feel free to ask any questions or request help in the comments below!