feat(auth): add cookie-based JWT authentication backend #960

Open: anirudhk06 wants to merge 4 commits into jazzband:master from anirudhk06:cookie_auth

@anirudhk06

This PR introduces a new authentication feature: JWTCookieAuthentication.

The new backend allows JSON Web Tokens (JWTs) to be authenticated exclusively
from HttpOnly cookies, providing a cookie-based alternative to the existing
header-based JWTAuthentication.

This feature is intended for browser-based applications where storing JWTs in
HttpOnly cookies is preferred over exposing tokens to JavaScript.

Key points:

  • Adds a new optional authentication backend: JWTCookieAuthentication
  • Authenticates JWTs exclusively from cookies
  • Intentionally ignores the Authorization header
  • Does not modify or replace existing authentication behavior
  • Includes unit tests covering valid, missing, and invalid cookie scenarios
  • Adds documentation via a new cookie_authentication.rst page, following the
    existing authentication documentation structure

Important notes:

  • This feature does not issue tokens or set cookies
  • Users must use cookie-aware login and refresh views to store JWTs in cookies
  • The default SimpleJWT token views remain unchanged

If this feature aligns with the project’s direction, I’m happy to follow up with
a separate PR that adds optional cookie-aware obtain and refresh views.
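
The cookie-only behaviour described above, as an added standard-library example that is not code from this PR or from SimpleJWT. The cookie name `access_token`, the HS256 demo key, and the names `sign`, `authenticate` and `InvalidToken` are all assumptions defined here for illustration.

```python
import base64, hashlib, hmac, json, time
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"  # constructed signing key, for this demo only
COOKIE_NAME = "access_token"      # assumed cookie name; the PR text does not state one

class InvalidToken(Exception):
    """The cookie is present but the token in it is not acceptable."""

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def sign(claims):
    """Issue an HS256 token (stands in for a cookie-aware login view)."""
    signing_input = _b64(b'{"alg":"HS256","typ":"JWT"}') + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _mac(signing_input)

def authenticate(headers, now=None):
    """Return the claims, or None when the cookie is absent; raise on a bad cookie."""
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    if COOKIE_NAME not in jar:
        return None  # missing cookie: the Authorization header is never consulted
    try:
        head, body, sig = jar[COOKIE_NAME].value.split(".")
        # Pin the algorithm: the token header must not choose how it is verified.
        if json.loads(_unb64(head)).get("alg") != "HS256":
            raise InvalidToken("unexpected algorithm")
        # Constant-time comparison of the received and recomputed signatures.
        if not hmac.compare_digest(sig, _mac(f"{head}.{body}")):
            raise InvalidToken("bad signature")
        claims = json.loads(_unb64(body))
        if claims["exp"] <= (time.time() if now is None else now):
            raise InvalidToken("expired")
    except (ValueError, TypeError, KeyError, AttributeError) as exc:
        raise InvalidToken("malformed token") from exc
    return claims
```

Because browsers attach cookies to requests automatically, a deployment that authenticates this way also needs CSRF protection on state-changing requests.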

@angryfoxx
Contributor

What is the matter of storing the JWT in a cookie session?
It should be stateless, so this is why we don't store a cookie or smth else shit.
