Upgrade undertow to 2.2.3

Undertow's cookie handling changed slightly in this version, which
prompted two changes:

1. the SameSite cookie no longer accepts null as an argument. Rather
   than adding conditionals to guard setting, we simply change the
   default SameSite value to 'Lax', as is assumed by modern standards
   anyway https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite:

   > The cookie-sending behavior if SameSite is not specified is SameSite=Lax.
   > Previously the default was that cookies were sent for all requests.

2. it no longer handles spaces in cookie values (unless they are
   quoted). This behavior is actually correct according to
   [RFC2109](https://tools.ietf.org/html/rfc2109), which requires cookie
   values to be quoted if they contain spaces. This change is actually
   transparent to cask, but reveals a minor bug in the
   [requests-scala](com-lihaoyi/requests-scala#73) library.
   Tests pass locally once this issue is fixed.

Author: jodersky

build.sc

@@ -50,7 +50,7 @@ trait CaskModule extends CrossScalaModule with PublishModule{
 class CaskMainModule(val crossScalaVersion: String) extends CaskModule {
   def ivyDeps = T{
     Agg(
-      ivy"io.undertow:undertow-core:2.0.13.Final",
+      ivy"io.undertow:undertow-core:2.2.3.Final",
       ivy"com.lihaoyi::upickle:1.2.2"
     ) ++
     (if(!isDotty) Agg(ivy"org.scala-lang:scala-reflect:${scalaVersion()}") else Agg())

cask/src/cask/model/Params.scala

@@ -81,7 +81,7 @@ case class Cookie(name: String,
                   discard: Boolean = false,
                   httpOnly: Boolean = false,
                   secure: Boolean = false,
-                  sameSite: String = null) {
+                  sameSite: String = "Lax") {
 
 }