What does this PR do?

This PR improves slot booking API security by setting the uid cookie with httpOnly and secure flags in slots.controller.ts, preventing session theft via XSS.

  • /claim #21636
  • Fixes #21636 (GitHub issue number)
  • Fixes CAL-5880 (Linear issue number)

Visual Demo (For contributors especially)

A visual demonstration is strongly recommended, for both the original and new change (video / image - any one).

Image Demo (if applicable):

Mandatory Tasks (DO NOT REMOVE)

  • I have self-reviewed the code (A decent size PR without self-review might be rejected).
  • N/A
  • I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

Use Network Tab to Inspect Cookies on Requests

Checklist

  • I haven’t checked if my changes generate no new warnings

Summary by cubic

Improved slot booking API security by setting the uid cookie with httpOnly and secure flags. Added better validation and user feedback for cancellation reasons in the booking UI.

  • Bug Fixes
    • Set httpOnly and secure flags on the uid cookie to prevent session theft.
    • Show a warning toast if the cancellation reason is too short.
    • Updated button logic to require a valid cancellation reason.
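
The Network-tab inspection described under "How should this be tested?" can also be automated as a check on the response's `Set-Cookie` headers. This is an added example, not code from the PR or the Cal.com code base; the function names and the sample header values are assumptions constructed for illustration.

```typescript
// Added example: audit Set-Cookie headers for the flags this PR sets on `uid`.
type ParsedCookie = { name: string; value: string; attrs: Map<string, string> };

// Parse one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header: string): ParsedCookie | null {
  const [first, ...rest] = header.split(";").map((p) => p.trim()).filter((p) => p.length > 0);
  if (first === undefined) return null;
  const eq = first.indexOf("=");
  if (eq <= 0) return null; // no cookie name before "="
  const attrs = new Map<string, string>();
  for (const part of rest) {
    const i = part.indexOf("=");
    // Attribute names are case-insensitive, so normalise them.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? "" : part.slice(i + 1).trim());
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1).trim(), attrs };
}

// Return the problems found for cookie `name` across a response's Set-Cookie headers.
function auditCookieFlags(setCookieHeaders: string[], name: string): string[] {
  const matches = setCookieHeaders
    .map(parseSetCookie)
    .filter((c): c is ParsedCookie => c !== null && c.name === name);
  if (matches.length === 0) return [`${name}: cookie not set in this response`];
  const findings: string[] = [];
  for (const c of matches) {
    if (!c.attrs.has("httponly")) findings.push(`${name}: missing HttpOnly (readable from document.cookie)`);
    if (!c.attrs.has("secure")) findings.push(`${name}: missing Secure (also sent over plain HTTP)`);
  }
  return findings;
}

// Constructed sample headers, not captured from the real API.
const BEFORE = ["uid=abc123; Path=/; Max-Age=300"];
const AFTER = ["theme=dark; Path=/", "uid=abc123; Path=/; Max-Age=300; httponly; Secure"];

console.log(auditCookieFlags(BEFORE, "uid")); // two findings
console.log(auditCookieFlags(AFTER, "uid")); // no findings
```
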

Claim

Total prize pool $500
Total paid $0
Status Pending
Submitted May 31, 2025
Last updated May 31, 2025

Contributors

Faiz

@faizshaikh17

100%

Sponsors

Jörmungandrk

@odaysec

$500