Update the default cookie_secure value in framework.rst #14999

Merged
merged 1 commit into from
Feb 19, 2021

tamcy (Contributor) commented Feb 18, 2021

Auto-secure cookies were introduced in Symfony 4.2. In Symfony 4.4, according to the Framework Configuration Reference, the default value for cookie_secure is 'auto'. "Auto" means that the framework will set the cookie_secure flag to true when the traffic is sent through HTTPS, or false otherwise.

Since 5.0, the value for this "auto" behavior is changed to null according to the Framework Configuration Reference documentation (the doc change happened somewhere in Jan 2020; I could not pinpoint the exact commit that caused this, though). That said, I can still find "auto" being mentioned in the session documentation. It is still the default configuration value of a new Symfony 5.2 project. Also, in the Symfony\Bundle\FrameworkBundle\DependencyInjection\Configuration class, I can see that "auto" (but not null) is one of the allowed values.

So, I believe the behavior in the framework hasn't been changed, and the documentation change in framework.rst was not an intentional one. This PR updates the current framework.rst with the correct value.

The default and special `cookie_secure` value should be `'auto'`, not `null`.

javiereguiluz (Member) commented Feb 19, 2021

Good catch! I checked the source code and, as you said, this was always true, false, "auto" in all versions, from 4.4 to 5.2 and 5.x. So, let's merge this. Thanks ... and congrats on your first Symfony Docs contribution!
