Require "secure" cookies
Please describe what the rule should do:
When setting cookies with js, we should require the “secure” parameter. In 2019, with free SSL with letsencrypt, there really is no reason anymore to not be on SSL/https and eslint should require the secure parameter to improve security.
This is (I believe) also easily auto-fixable by eslint.
What category of rule is this? (place an “X” next to just one item)
- [ ] Warns about a potential error (problem)
- [ ] Suggests an alternate way of doing something (suggestion)
- [ ] Enforces code style (layout)
- [x] Other (please specify:) Improves security
Provide 2-3 code examples that this rule will warn about:
document.cookie = "username=John Doe";
document.cookie = "username=John Doe; expires=Thu, 18 Dec 2013 12:00:00 UTC";
document.cookie = "username=John Doe; expires=Thu, 18 Dec 2013 12:00:00 UTC; path=/";
Should be:
document.cookie = "username=John Doe; secure";
document.cookie = "username=John Doe; expires=Thu, 18 Dec 2013 12:00:00 UTC; secure";
document.cookie = "username=John Doe; expires=Thu, 18 Dec 2013 12:00:00 UTC; path=/; secure";
Why should this rule be included in ESLint (instead of a plugin)? This is a core component in making js/the web more secure (even only marginally)
Are you willing to submit a pull request to implement this rule? I have no idea how, but I am happy to test, write documentation or whatever else is needed.
Top GitHub Comments
Hi, thanks for creating the issue! It seems a useful rule; however, it would only work for browsers. We don't accept new rules for specific runtimes. https://eslint.org/docs/developer-guide/contributing/new-rules#core-rule-guidelines
I would recommend you add it to an ESLint plugin.
I agree this would be a better fit for a plugin.
@kkmuffme Open an issue on eslint-plugin-unicorn. I would be happy to host the rule there.
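A sketch of how the requested check could look as a plugin rule, added here as an example; it is not code from ESLint, eslint-plugin-unicorn or anyone in this thread. The rule object `requireSecureCookie` and its helper names are hypothetical, and it only inspects string literals assigned directly to `document.cookie`, since a dynamically built value cannot be judged statically.

```javascript
// Example ESLint rule: flag `document.cookie = "<literal>"` without `secure`.
// All names here are hypothetical; a plugin would export the rule object.
const isNamed = (n, name) => n.type === "Identifier" && n.name === name;

// Matches `document.cookie` and `<anything>.document.cookie` (e.g. window.document).
function isDocumentCookie(node) {
  if (node.type !== "MemberExpression" || node.computed) return false;
  if (!isNamed(node.property, "cookie")) return false;
  const obj = node.object;
  return isNamed(obj, "document") ||
    (obj.type === "MemberExpression" && !obj.computed && isNamed(obj.property, "document"));
}

// Attribute names are case-insensitive; the first segment is name=value, so a
// cookie whose *value* is "secure" does not count as having the attribute.
function hasSecureAttribute(cookieString) {
  return cookieString.split(";").slice(1)
    .some((attr) => attr.trim().toLowerCase() === "secure");
}

// Works on the literal's raw source text so the original quote style is kept.
function appendSecure(raw) {
  const quote = raw[0];
  const body = raw.slice(1, -1).replace(/[;\s]*$/, "");
  return quote + body + "; secure" + quote;
}

const requireSecureCookie = {
  meta: {
    type: "suggestion",
    fixable: "code",
    schema: [],
    messages: { missingSecure: "Cookie set via document.cookie lacks the 'secure' attribute." },
  },
  create(context) {
    return {
      AssignmentExpression(node) {
        const { left, right } = node;
        if (node.operator !== "=" || !isDocumentCookie(left)) return;
        // Only plain string literals can be checked and fixed safely.
        if (right.type !== "Literal" || typeof right.value !== "string") return;
        if (hasSecureAttribute(right.value)) return;
        context.report({
          node: right,
          messageId: "missingSecure",
          fix: (fixer) => fixer.replaceText(right, appendSecure(right.raw)),
        });
      },
    };
  },
};
```

The autofix changes runtime behaviour: a browser will not store a `secure` cookie set from a plain-HTTP page, so a project that still serves HTTP in development may prefer to report without fixing.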