Fixes #2564. Change to lax value for samesite cookies.

Otherwise, reports get swallowed if you're logged into GitHub,
but not logged into webcompat.com

(r=me, because this is a bad regression)

Author: miketaylr

config/__init__.py

@@ -126,7 +126,7 @@ def update_status_config(milestones_content):
 # use secure and samesite flags on session cookie otherwise
 if not LOCALHOST:
     SESSION_COOKIE_SECURE = True
-    SESSION_COOKIE_SAMESITE = 'Strict'
+    SESSION_COOKIE_SAMESITE = 'Lax'
 
 # By default, we want to log CSP violations. See /csp-report in views.py.
 CSP_LOG = True