Not possible to use "secure" cookies out of the box

[jkabat]

Recently because of security audit we were asked to set all consent cookies "secure". Right now it is impossible to configure, so my first option was to override it.

Since CookieHandler uses bound variable "httpOnly" my override ended up with an error:

A binding is configured for an argument named "$httpOnly" under "_defaults" in file "/var/www/html/vendor/connectholland/cookie-consent-bundle/DependencyInjection/../Resources/config/services.yaml", but no corresponding argument has been found. It may be unused and should be removed, or it may have a typo.

So my solution is to make a decorated service... and copy whole file over, which is pretty ugly,

Anybody has another advice? Or only PR on the bundle would solve it?