multiple set-cookies response header support

fix lint warning and revert nil slice handling

add workaround for golang/go#27589

add strict server handlers type and support for authentications