MantisBT: master 14e7eccb

Author: dregad
Committer: dregad
Branch: master
Timestamp: 2024-01-06 08:02
Parent: master 41a499fe
Affected Issues: 0033426: User not authenticated when following link from notification email
Changeset

Change $g_cookie_samesite default to 'Lax'

The original value was 'Strict' for security purposes, the intention
being to provide the strongest possible protection against CSRF attacks.

Unfortunately, this actually prevents the user's session cookie from
being recognized when clicking a link from a notification email, causing
MantisBT to open an anonymous session even when the user is logged in.

Changing the default value to 'Lax' fixes the issue.

Fixes 0033426

mod - config_defaults_inc.php
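The cookie-sending rule the commit message relies on, as an added illustration that is not MantisBT code or part of this changeset: a small Python model of the browser's SameSite decision (simplified from RFC 6265bis), showing that a top-level GET from an email link carries the session cookie under 'Lax' but not under 'Strict', while a cross-site POST or embedded subresource request is blocked under both. The request scenarios are constructed for the example.

```python
"""Simplified model of browser SameSite cookie handling (added illustration,
not MantisBT code). 'Strict' never attaches the cookie to a cross-site request;
'Lax' attaches it only to top-level navigations using a safe method (GET/HEAD);
'None' always attaches it (browsers also require Secure for 'None')."""

from dataclasses import dataclass

SAFE_METHODS = {"GET", "HEAD"}


@dataclass(frozen=True)
class Request:
    method: str
    top_level_navigation: bool  # navigation of the window itself, not a subresource
    cross_site: bool            # initiator site differs from the request's site


def cookie_sent(samesite: str, req: Request) -> bool:
    """Return True if a cookie with the given SameSite value accompanies req."""
    mode = samesite.capitalize()
    if not req.cross_site:
        return True
    if mode == "None":
        return True
    if mode == "Lax":
        return req.top_level_navigation and req.method.upper() in SAFE_METHODS
    if mode == "Strict":
        return False
    raise ValueError(f"unknown SameSite value: {samesite!r}")


# Constructed scenarios (assumptions for the example, not data from the page).
# A link opened from a mail client or webmail has no same-site initiator, so the
# browser treats it as a cross-site top-level GET: exactly the case from 0033426.
EMAIL_LINK = Request(method="GET", top_level_navigation=True, cross_site=True)
FORGED_POST = Request(method="POST", top_level_navigation=True, cross_site=True)  # auto-submitted form elsewhere
IMG_TAG = Request(method="GET", top_level_navigation=False, cross_site=True)      # <img src=...> on another site
IN_APP = Request(method="POST", top_level_navigation=False, cross_site=False)     # form submitted inside MantisBT


def compare(samesite_values=("Strict", "Lax")) -> dict:
    """Table of which scenarios still carry the session cookie under each setting."""
    scenarios = {"email_link": EMAIL_LINK, "forged_post": FORGED_POST,
                 "img_tag": IMG_TAG, "in_app": IN_APP}
    return {mode: {name: cookie_sent(mode, r) for name, r in scenarios.items()}
            for mode in samesite_values}


if __name__ == "__main__":
    for mode, results in compare().items():
        print(mode, results)
```

Under both settings the forged POST and the embedded image request stay cookieless, so moving from 'Strict' to 'Lax' keeps the CSRF protection that matters while letting the notification link land in the user's existing session.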