Improvement: Do not set session cookie for empty session

This is based on https://code.forgejo.org/go-chi/session/pulls/80.

The remainder of this message is largely copied from there:

For interoperability with reverse proxies and CDNs, setting a session
cookie for no good reason (login is a good reason) is a PITA, because it
makes caching of content for anonymous (not logged-in) users very hard,
requiring all kinds of special casing and error prone workarounds.

In particular in an age of exploitative AI bot crawling, being able to
serve content for anonymous users from a fast, efficient page cache is
an important option.

This patch lays a foundation by using an option added to go-chi/session
to not create session cookies always, but rather only when the
respective session is non-empty.

Test cases are included there and omitted here.

modules/session/db.go

@@ -84,6 +84,11 @@ func (s *DBStore) Flush() error {
 	return nil
 }
 
+// True if no keys have been set
+func (s *DBStore) Empty() bool {
+	return len(s.data) == 0
+}
+
 // DBProvider represents a DB session provider implementation.
 type DBProvider struct {
 	maxLifetime int64

modules/session/redis.go

@@ -103,6 +103,11 @@ func (s *RedisStore) Flush() error {
 	return nil
 }
 
+// True if no keys have been set
+func (s *RedisStore) Empty() bool {
+	return len(s.data) == 0
+}
+
 // RedisProvider represents a redis session provider implementation.
 type RedisProvider struct {
 	c        nosql.RedisClient

modules/session/virtual.go

@@ -195,3 +195,8 @@ func (s *VirtualStore) Flush() error {
 	s.data = make(map[any]any)
 	return nil
 }
+
+// True if no keys have been set
+func (s *VirtualStore) Empty() bool {
+	return len(s.data) == 0
+}