refactor(session): extract SessionConfig and add auto-migration

- session/config.rs: add SessionConfig struct that pre-validates all
  session configuration values, with build_middleware() for infallible
  middleware construction
- session/middleware.rs: expose parse_same_site as pub(crate)
- session/storage/redis.rs: derive Clone for RedisSessionStore
- main.rs: validate session config before HttpServer loop, use
  SessionConfig::build_middleware() inside closure; add
  sqlx::migrate!() call after database connection

session/middleware.rs

@@ -473,7 +473,7 @@ fn append_set_cookie(response: &mut ResponseHead, value: String) -> AppResult<()
     Ok(())
 }
 
-fn parse_same_site(value: &str) -> AppResult<SameSite> {
+pub(crate) fn parse_same_site(value: &str) -> AppResult<SameSite> {
     match value.trim().to_ascii_lowercase().as_str() {
         "strict" => Ok(SameSite::Strict),
         "lax" => Ok(SameSite::Lax),