With changes made in 8363b8 and ae291421 cookies that are mutated on the
request like `cookies.signed = x` were not retained in subsequent tests,
breaking cookie authentiation in controller tests.

The test added demonstrates the issue.

The reason we need to select from non-deleted cookies is because without
checking the `@delete_cookies` the `cookie_jar` `@cookies` will send the
wrong cookies to be updated. The code must check for `@deleted_cookies`
before sending an `#update` with the requests cookie_jar cookies.
This follows how the cookie_jar cookies from the request were updated
before these changes.