Avoid importing modules/web/middleware in modules/session (#30584) (#30589)

Backport #30584 by @wolfogre

Related to #30375.

It doesn't make sense to import `modules/web/middleware` and
`modules/setting` in `modules/web/session` since the last one is more
low-level.

And it looks like a workaround to call `DeleteLegacySiteCookie` in
`RegenerateSession`, so maybe we could reverse the importing by
registering hook functions.

Co-authored-by: Jason Song <i@wolfogre.com>

modules/session/store.go

@@ -6,9 +6,6 @@ package session
 import (
 	"net/http"
 
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/web/middleware"
-
 	"gitea.com/go-chi/session"
 )
 
@@ -21,10 +18,12 @@ type Store interface {
 
 // RegenerateSession regenerates the underlying session and returns the new store
 func RegenerateSession(resp http.ResponseWriter, req *http.Request) (Store, error) {
-	// Ensure that a cookie with a trailing slash does not take precedence over
-	// the cookie written by the middleware.
-	middleware.DeleteLegacySiteCookie(resp, setting.SessionConfig.CookieName)
-
+	for _, f := range BeforeRegenerateSession {
+		f(resp, req)
+	}
 	s, err := session.RegenerateSession(resp, req)
 	return s, err
 }
+
+// BeforeRegenerateSession is a list of functions that are called before a session is regenerated.
+var BeforeRegenerateSession []func(http.ResponseWriter, *http.Request)