I was able to mark the ‘i_like_gitea’ cookie as secured by using the COOKIE_SECURE option,
but I am not able to mark the ‘_csrf’ cookie as secured
Sorry about the late reply!
I’ve quickly made a PR to fix the bug, which, as it turns out, was already reported. https://github.com/go-gitea/gitea/pull/3833 
https://github.com/go-gitea/gitea/pull/3839 has been merged, and this is now solved.