fix: Allow loading attachments linked from other sites/emails.

Loosens same-site policy to include cookies for navigation events.
closes #4737

server/utils/authentication.ts

@@ -119,7 +119,7 @@ export async function signIn(
     }
   } else {
     ctx.cookies.set("accessToken", user.getJwtToken(), {
-      sameSite: true,
+      sameSite: "lax",
       httpOnly: false,
       expires,
     });