Summary

Reshapes the color-scheme cookie configuration under prefersColorSchemeOptions into a nested cookie: {} object and adds control over Secure/SameSite.

• New prefersColorSchemeOptions.cookie?: { name?, domain?, secure?, sameSite? }.
• cookieName is kept but deprecated (maps to cookie.name; emits one build-time warning when used). When both are set, cookie.name wins.
• The previously proposed flat cookieDomain option is removed — use cookie.domain.
• secure and sameSite were previously hardcoded (SameSite=Lax, no Secure); they are now configurable. secure is forced to true when sameSite is 'none'.

Default behaviour is unchanged: cookie.name defaults to color-scheme, SameSite=Lax, no Secure, no Domain.

ssrClientHints: {
  prefersColorScheme: true,
  prefersColorSchemeOptions: {
    cookie: {
      name: 'color-scheme',
      domain: '.example.com',
      sameSite: 'lax',
      // secure: true,
    },
  },
}

Implementation notes

• Public input gains the nested cookie object; the resolved/runtime config stays flat (cookieName, cookieDomain, cookieSecure, cookieSameSite) to keep the runtime plugins simple.
• Normalisation (legacy + nested → flat) lives in prepareSSRClientHints, extracted into a small resolveColorSchemeCookie helper.

Test Plan

• Unit tests for prepareSSRClientHints normalisation: nested-only, legacy-only (warns), both (new wins), defaults, sameSite:'none' forces secure.
• Full unit suite (32 tests) passing.
• Lint clean; module + playground typecheck (dev:prepare) clean.