Update autologout module (required js_cookie update)

[arpage]

Jira ticket

DIGITAL-732

Purpose

Drupal has announced a “moderately critical” cross-site-request forgery vulnerability in autologout: https://www.drupal.org/sa-contrib-2026-030

We currently use version 2.0.1, so we should upgrade to 2.0.2.

Includes the following PRs that must be merged first

Deployment and testing

Local Setup

1. Rebuild with the new branch
2. Get a localhost login w/ lando drush uli
3. Open the cms with the URL from the above uli command
4. Wait...
5. Come back in 30 minutes and make sure the CMS has logged you out

QA/Testing instructions

1. Login to the CMS
2. Wait...
3. Come back in 30 minutes and make sure the CMS has logged you out

Checklist for the Developer

• A link to the JIRA ticket has been included above.
• No merge conflicts exist with the target branch.
• Automated tests have passed on this PR.
• A reviewer has been designated.
• Deployment and testing steps have been documented above, if applicable.

Checklist for the Peer Reviewers

• The file changes are relevant to the task objective.
• Code is readable and includes appropriate commenting.
• Code standards and best practices are followed.
• QA/Test steps were successfully completed, if applicable.
• Applicable logs are free of errors.

[akf]

Looks good, but there's another merge conflict in composer.lock -- unavoidable with all these composer updates.