This release makes the \PSR7Sessions\Storageless\Http\Configuration object readonly.
The configuration can now be instantiated only from its ::fromJwtConfiguration factory method, and its attributes can be "changed" only with their respective ::with* methods.
Note that every ::with* method call returns a new object, keeping the previous one unchanged.

Active sessions issued with v9 and without a client fingerprint are compatible with the new v10: the changes are at the API level only.
Sessions issued with v9 and with a SameOriginRequest client fingerprint are instead invalid because the hash function has changed from sha256 to blake2b.

This is a major release and breaks backwards compatibility.

Specifically, following changes are relevant:

[BC] REMOVED: Method PSR7Sessions\Storageless\Http\Configuration#__construct() was removed
[BC] CHANGED: Method __construct() of class PSR7Sessions\Storageless\Http\Configuration visibility reduced from public to private
[BC] CHANGED: The number of required arguments for PSR7Sessions\Storageless\Http\Configuration#__construct() increased from 1 to 7
[BC] CHANGED: The return type of PSR7Sessions\Storageless\Http\Configuration#getClock() changed from Lcobucci\Clock\Clock to the non-covariant Psr\Clock\ClockInterface