What does this PR do?

Fixes a security vulnerability in the slot booking API. /claim https://github.com/calcom/cal.com/issues/21636

  • Fixes #21636 (GitHub issue number)
  • Fixes CAL-5880

Mandatory Tasks (DO NOT REMOVE)

  • I have self-reviewed the code (A decent size PR without self-review might be rejected).
  • I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
  • I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

cd apps/api/v2 && yarn test:e2e src/modules/slots/slots-2024-04-15/controllers/slots.controller.e2e-spec.ts --testNamePattern="Cookie Security Tests|routingFormResponseId|should get slots|should reserve a slot|should delete reserved slot"

Summary by cubic

Secured the slot booking API by setting the reservation cookie as HttpOnly and Secure, preventing client-side access and exposure.

  • Bug Fixes
    • Updated cookie settings to use HttpOnly, Secure, and proper SameSite flags.
    • Added tests to verify cookies are not accessible from client-side JavaScript.
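The check the "Cookie Security Tests" above are after, written out as an added example that is not cal.com's code: a small Set-Cookie serializer standing in for a framework's `res.cookie()`, and an auditor that parses a `Set-Cookie` header value and reports a missing HttpOnly, a missing Secure, an absent SameSite attribute, and the invalid `SameSite=None` without `Secure` combination. The cookie name `reservation` and the `SameSite=Lax` choice are assumptions for illustration; the PR only says "proper SameSite flags" and the real cookie name and attributes are whatever the project sets.

```typescript
// Added example, not cal.com project code. Demonstrates what an HttpOnly/Secure
// cookie test asserts on, using only string handling so it runs offline.

type SameSite = "Strict" | "Lax" | "None";

interface CookieOptions {
  httpOnly?: boolean;
  secure?: boolean;
  sameSite?: SameSite;
  maxAgeSeconds?: number;
  path?: string;
}

// Stand-in for a framework's res.cookie(): produces the Set-Cookie header value.
// Attribute order follows the common serializer convention (name=value first).
function serializeCookie(name: string, value: string, opts: CookieOptions = {}): string {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.path) parts.push(`Path=${opts.path}`);
  if (opts.maxAgeSeconds !== undefined) parts.push(`Max-Age=${opts.maxAgeSeconds}`);
  if (opts.httpOnly) parts.push("HttpOnly");
  if (opts.secure) parts.push("Secure");
  if (opts.sameSite) parts.push(`SameSite=${opts.sameSite}`);
  return parts.join("; ");
}

interface CookieAudit {
  name: string;
  httpOnly: boolean;
  secure: boolean;
  sameSite: SameSite | null;
  findings: string[];
}

// Parse one Set-Cookie header value and flag the weaknesses the PR fixes.
// Attribute names are case-insensitive per RFC 6265, so compare lower-cased.
function auditSetCookie(header: string): CookieAudit {
  const parts = header.split(";").map((s) => s.trim());
  const pair = parts[0] ?? "";
  const attrs = parts.slice(1);
  const name = pair.split("=")[0] ?? "";
  const lower = attrs.map((a) => a.toLowerCase());

  const httpOnly = lower.includes("httponly");
  const secure = lower.includes("secure");

  let sameSite: SameSite | null = null;
  const ss = lower.find((a) => a.startsWith("samesite="));
  if (ss) {
    const v = ss.slice("samesite=".length);
    sameSite = v === "strict" ? "Strict" : v === "lax" ? "Lax" : v === "none" ? "None" : null;
  }

  const findings: string[] = [];
  if (!httpOnly) findings.push(`${name}: missing HttpOnly (readable via document.cookie, so XSS can exfiltrate it)`);
  if (!secure) findings.push(`${name}: missing Secure (browser will also send it over plaintext HTTP)`);
  if (sameSite === null) findings.push(`${name}: no SameSite attribute (browser default applies, which varies)`);
  if (sameSite === "None" && !secure) findings.push(`${name}: SameSite=None requires Secure; browsers reject it otherwise`);

  return { name, httpOnly, secure, sameSite, findings };
}

// Constructed "before" and "after" headers for a hypothetical reservation cookie.
// The weak form is what a cookie set without flags looks like; the hardened form
// is the shape the PR moves to (Lax is assumed here, the page does not name the value).
const WEAK_HEADER = serializeCookie("reservation", "abc123", { path: "/" });
const HARDENED_HEADER = serializeCookie("reservation", "abc123", {
  path: "/",
  httpOnly: true,
  secure: true,
  sameSite: "Lax",
});

// A response may carry several Set-Cookie headers; audit them all and
// return true only when none of them has a finding.
function allCookiesHardened(setCookieHeaders: string[]): boolean {
  return setCookieHeaders.every((h) => auditSetCookie(h).findings.length === 0);
}

for (const h of [WEAK_HEADER, HARDENED_HEADER]) {
  const a = auditSetCookie(h);
  console.log(h, "->", a.findings.length === 0 ? "OK" : a.findings);
}
```

In an e2e test the same auditor would run over `response.headers["set-cookie"]` after calling the reserve endpoint; the point of asserting on the header rather than on `document.cookie` is that the server-side test proves the flag is emitted, independent of which browser consumes it.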

Claim

Total prize pool: $500
Total paid: $0
Status: Pending
Submitted: May 30, 2025
Last updated: May 30, 2025

Contributors

Sarthak Kapila (@weknowyourgame), 100%

Sponsors

Thomas Andri Hutomo (@odaysec), $500