Ini-file entry "jwt.https_only_cookie" is always True

[MaximilianMohr]

For testing/development purposes where I do not have https enabled always, I set the following entry in my development.ini:

...
jwt.https_only_cookie = false
...

But when the application starts and the cookie auth policy is initialized, this entry is not parsed correctly, since the resulting JWT cookie has still set the secure flag.

Yes I could instead set this option to False using:

        config.set_jwt_cookie_authentication_policy(https_only=False)

but I only want this option to be disabled during development, so this is not a real option longterm.

I tried to fix this, see PR #47. For my application, the change is working as expected.