Type: Bug
Resolution: Done-Errata
Priority: Major
Fixes #50207.
Users should be able to easily activate Cache-Control: no-store when they have concerns about such cookies being cached by HTTP intermediaries, not only when a session cookie is created but also when it is refreshed.
Right now it can be done by monitoring OIDC events, as just returning Cache-Control: no-store in the JAX-RS code won't work by default: when the user logs in, Quarkus OIDC creates a session cookie and redirects the user to drop technical code flow parameters like code and state, so by the time the JAX-RS code is reached, the cookie has already been returned. This extra redirect dropping technical parameters can be disabled, but it is not recommended.
The PR supports a single directive at the moment, no-store, but I'd like to experiment with a private directive before opening it for review.
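The workaround described above (setting the header from an OIDC event observer rather than from JAX-RS code) can look like the following. This is an added illustration, not code from the Quarkus project or from the PR; it assumes the Quarkus OIDC `SecurityEvent` CDI event with the `OIDC_LOGIN` and `OIDC_SESSION_REFRESHED` event types, and that the event properties carry the Vert.x `RoutingContext` under its class name, which is how the Quarkus OIDC documentation describes these events. The class and package names are hypothetical.

```java
// Hypothetical package and class name; added example, not part of the PR.
package org.acme.oidc;

import io.quarkus.oidc.SecurityEvent;
import io.vertx.core.http.HttpHeaders;
import io.vertx.ext.web.RoutingContext;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.event.Observes;

/**
 * Adds Cache-Control: no-store to the response that carries a freshly created
 * or refreshed OIDC session cookie, so that HTTP intermediaries do not cache it.
 * Assumption: the Quarkus OIDC SecurityEvent API and event type names used here.
 */
@ApplicationScoped
public class SessionCookieNoStoreObserver {

    public void onOidcEvent(@Observes SecurityEvent event) {
        SecurityEvent.Type type = event.getEventType();

        // Only the responses that set (login) or re-issue (refresh) the session
        // cookie are of interest; other event types are ignored.
        if (type != SecurityEvent.Type.OIDC_LOGIN
                && type != SecurityEvent.Type.OIDC_SESSION_REFRESHED) {
            return;
        }

        // The current request's routing context is published as an event property
        // keyed by the RoutingContext class name (assumed Quarkus OIDC convention).
        Object ctxProperty = event.getEventProperties().get(RoutingContext.class.getName());
        if (!(ctxProperty instanceof RoutingContext ctx)) {
            return;
        }

        // If the response head was already flushed there is nothing we can add.
        if (ctx.response().headWritten()) {
            return;
        }

        // Mark the cookie-bearing response (including the post-login redirect that
        // drops code/state parameters) as not cacheable by shared caches.
        ctx.response().putHeader(HttpHeaders.CACHE_CONTROL, "no-store");
    }
}
```

The observer covers both the initial login redirect, which is the response the description says is already sent before JAX-RS code runs, and the session refresh case, so the directive is applied whenever the cookie value changes rather than only once.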
Links to: RHSA-2026:158861, Red Hat build of Quarkus 3.27.2 release and security update