Update Set-Cookie example for recent changes

Changes to our understanding of percent-encoding and headers
have made the previous example incorrect.  This brings it into
agreement with the new recommendations.

This also explains how percent-encoding and other escaping is
handled, and links to the updated Appendix D which provids more
detail including a link to the IETF draft update of the cookie
RFC that clarifies this.