grafana: enable cookie_secure
We serve grafana over HTTPS, so it's a good idea to make the cookie SSL-only.