* Make rack/session setup autoloads

These are the same autoloads previously used when the session
support was included in rack.

Remove the duplicate constant definitions to avoid constant
warnings when rack is also in use (which it must be for this
to work, as parts of rack-session depend on rack).

* Define constants under Rack::Session, so they don't conflict with Rack constants

* Load rack/session/constants in files that use the constants

* Support backwards compatibility for Rack::Session::Cookie :secret option

Previously, :secret was used to store the HMAC secret.  If it is
used, use it as a fallback to set both the encryption secret and
the legacy HMAC secret.

From a cryptographic perspective, it's best to avoid sharing
secrets like this, even though I'm guessing it is not vulnerable
(note: this is not an educated guess).  I think this is better
than completely breaking backwards compatibility.

The best way to handle conversion from legacy HMAC would be to
specify :secrets in addition to :secret (or :legacy_hmac_secret),
then remove :secret/:legacy_hmac_secret after all sessions have
been upgraded.

* Avoid unnecessary arguments to Dir.glob in gemspec

FNM_DOTMATCH is not needed (no additional files would match with
it).  base keyword is what breaks CI on Ruby 2.4, and is not needed
as gem is generally build already in the same directory as the
gemspec.

…ars.