Revert #21537: Mark .onion cookies as secure

Following a conversation about the #21537 (closed) patch, we should back out that change. The patch is correct from the perspective that a connection with an onion service is a secure channel, however there are circumstances where the onion services connects with a remote web server and potentially sends secure cookies over an insecure (plaintext) channel.

While this configuration is entirely dependent on how the web site was configured, and it is not a flaw in onion services, Tor Browser should take this into account instead of assuming all onion service connections are end-to-end encrypted and authenticated secure channels.

We should find an (opt-in) alternative solution for allowing the use of secure cookies over onion service connections that are secure channels, without exposing secure cookies on onion services connections that are not secure channels.