EC cookie helpers #535

@aram356

Parent epic

#532

Description

Implement the low-level functions that create and delete the ts-ec cookie and set EC response headers. Called by ec_finalize_response() (Story 2).

Scope: ec/cookie.rs

Acceptance criteria

  • create_ec_cookie() produces a cookie with Domain=.{publisher.domain}, Max-Age=31536000, SameSite=Lax; Secure. HttpOnly is NOT set (JS must read the cookie). Domain derived from settings.publisher.domain, NOT settings.publisher.cookie_domain.
  • delete_ec_cookie() produces a cookie with Max-Age=0, same attributes.
  • set_ec_on_response() sets Set-Cookie and X-ts-ec response headers.
  • clear_ec_on_response() sets Set-Cookie with Max-Age=0 AND strips all EC-related response headers: X-ts-ec, X-ts-eids, X-ts-ec-consent, x-ts-eids-truncated, and any X-ts-<partner_id> headers. Prevents leaking EC identity on consent-withdrawal responses.
  • Unit tests cover cookie string format, Max-Age=0 deletion, domain derivation, and header stripping.

Spec ref

docs/internal/ssc_technical_spec.md §5.1, §5.2, §5.3
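
The helpers from the acceptance criteria, written out as an added example (not the project's code). The function signatures, the `Headers` list type, the partner-id list, the cookie-value check and the removal of an earlier `ts-ec` Set-Cookie are assumptions; `example.com` is a constructed domain.

```rust
// Added example. Signatures, the header-list type and partner ids are assumptions.
const COOKIE_NAME: &str = "ts-ec";
const EC_HEADERS: [&str; 4] = ["x-ts-ec", "x-ts-eids", "x-ts-ec-consent", "x-ts-eids-truncated"];
pub type Headers = Vec<(String, String)>;

fn cookie(domain: &str, value: &str, max_age: u32) -> String {
    // No HttpOnly: the issue requires the cookie to stay readable from JS.
    let domain = domain.trim_start_matches('.');
    format!("{}={}; Domain=.{}; Max-Age={}; SameSite=Lax; Secure", COOKIE_NAME, value, domain, max_age)
}

pub fn create_ec_cookie(publisher_domain: &str, ec_id: &str) -> Option<String> {
    // Assumed check: reject values that could smuggle extra attributes into Set-Cookie.
    let ok = !ec_id.is_empty()
        && ec_id.chars().all(|c| c.is_ascii_graphic() && !matches!(c, '"' | ',' | ';' | '\\'));
    ok.then(|| cookie(publisher_domain, ec_id, 31_536_000))
}

pub fn delete_ec_cookie(publisher_domain: &str) -> String {
    cookie(publisher_domain, "", 0) // same attributes, Max-Age=0
}

pub fn set_ec_on_response(h: &mut Headers, publisher_domain: &str, ec_id: &str) -> bool {
    match create_ec_cookie(publisher_domain, ec_id) {
        Some(c) => {
            h.push(("Set-Cookie".into(), c));
            h.push(("X-ts-ec".into(), ec_id.into()));
            true
        }
        None => false,
    }
}

pub fn clear_ec_on_response(h: &mut Headers, publisher_domain: &str, partner_ids: &[&str]) {
    let prefix = format!("{}=", COOKIE_NAME);
    h.retain(|(name, value)| {
        let n = name.to_ascii_lowercase(); // header names are case-insensitive
        let fixed = EC_HEADERS.iter().any(|e| *e == n);
        let partner = partner_ids.iter().any(|p| n == format!("x-ts-{}", p.to_ascii_lowercase()));
        // Assumed precaution: drop an earlier Set-Cookie that still carries the EC value.
        let stale = n == "set-cookie" && value.starts_with(&prefix);
        !(fixed || partner || stale)
    });
    h.push(("Set-Cookie".into(), delete_ec_cookie(publisher_domain)));
}

fn main() {
    let mut h: Headers = vec![("X-ts-eids".into(), "constructed".into())];
    set_ec_on_response(&mut h, "example.com", "constructed-id");
    clear_ec_on_response(&mut h, "example.com", &["partnerA"]);
    println!("{:?}", h);
}
```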
