/claim #143 /closes #143

Description

This pull request fixes an issue where OpenID Connect (OIDC) authentication fails with identity providers like Authelia that enforce the use of a state parameter and PKCE (Proof Key for Code Exchange).

Previously, the OIDC flow was missing the state and nonce parameters, causing an invalid_state error during the authentication callback phase.

This PR implements the following changes:

  • Secure State Generation: A unique, cryptographically secure state parameter is generated for each authentication request and stored in the session to be verified at the callback step.
  • Nonce Generation: A nonce is now generated and included in the authentication request for additional security.
  • PKCE Support: The implementation already included PKCE, but this change ensures it is used correctly alongside the new state and nonce parameters.
  • Enhanced Callback Validation: The callback logic now rigorously checks the state parameter and nonce claim to prevent CSRF attacks and ensure the integrity of the authentication flow.
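As an added illustration of the flow the description outlines (not Claper's own code, which is Elixir, nor Authelia's), here is a self-contained Python sketch of the relying-party side: state, nonce and PKCE verifier are generated per request and stored in the session, the authorization request carries the S256 challenge, and the callback checks state (constant-time, single use) before the code exchange and the nonce claim after it. The endpoint URLs, client ID and redirect URI are assumed placeholders, and `FakeProvider` is a constructed stand-in for the identity provider so the exchange runs offline with both sides' messages.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values for the example; real URLs and client IDs depend on the deployment.
AUTHORIZE_URL = "https://auth.example.com/api/oidc/authorization"
CLIENT_ID = "claper"
REDIRECT_URI = "https://claper.example.com/users/oidc/callback"


class CallbackError(Exception):
    """Raised when the callback fails state, PKCE or nonce validation."""


def b64url(data: bytes) -> str:
    # Base64url without padding, as RFC 7636 requires for the code challenge.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def begin_auth(session: dict) -> str:
    """Build the authorization URL and store state, nonce and verifier in the session."""
    state = secrets.token_urlsafe(32)          # CSRF token, bound to this browser session
    nonce = secrets.token_urlsafe(32)          # echoed back inside the ID token
    code_verifier = secrets.token_urlsafe(64)  # 86 chars, within RFC 7636's 43..128
    code_challenge = b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())
    session["oidc"] = {"state": state, "nonce": nonce, "code_verifier": code_verifier}
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str, exchange_code) -> dict:
    """Validate state, exchange the code with the PKCE verifier, then validate the nonce."""
    pending = session.pop("oidc", None)  # single use: a replayed callback finds nothing
    if pending is None:
        raise CallbackError("invalid_state: no pending authentication in session")
    query = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    returned_state = query.get("state", "")
    if not hmac.compare_digest(returned_state.encode(), pending["state"].encode()):
        raise CallbackError("invalid_state: state mismatch")
    if "error" in query:  # only trusted once the state proves the response is ours
        raise CallbackError(query["error"])
    claims = exchange_code(query.get("code", ""), pending["code_verifier"])
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), pending["nonce"].encode()):
        raise CallbackError("invalid_nonce: ID token nonce does not match the request")
    return claims


class FakeProvider:
    """Constructed stand-in for the IdP side (not Authelia's code): enforces state and PKCE S256."""

    def __init__(self):
        self.codes = {}

    def authorize(self, auth_url: str) -> str:
        q = {k: v[0] for k, v in parse_qs(urlparse(auth_url).query).items()}
        if q.get("code_challenge_method") != "S256" or "state" not in q:
            raise CallbackError("invalid_request: PKCE S256 and state are required")
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"challenge": q["code_challenge"], "nonce": q["nonce"], "sub": "alice"}
        return f"{q['redirect_uri']}?{urlencode({'code': code, 'state': q['state']})}"

    def token(self, code: str, code_verifier: str) -> dict:
        record = self.codes.pop(code, None)  # authorization codes are single use too
        if record is None:
            raise CallbackError("invalid_grant: unknown or used code")
        expected = b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())
        if not hmac.compare_digest(expected.encode(), record["challenge"].encode()):
            raise CallbackError("invalid_grant: PKCE verification failed")
        # A real provider returns a signed ID token; signature checking is out of scope here.
        return {"iss": "https://auth.example.com", "aud": CLIENT_ID,
                "sub": record["sub"], "nonce": record["nonce"]}


def demo_honest_flow() -> dict:
    """Full round trip: login start, provider redirect, callback validation."""
    idp, session = FakeProvider(), {}
    callback = idp.authorize(begin_auth(session))
    return handle_callback(session, callback, idp.token)


def demo_csrf_callback() -> str:
    """Login CSRF: the victim's browser is sent to a callback from the attacker's own login."""
    idp, victim, attacker = FakeProvider(), {}, {}
    begin_auth(victim)
    attacker_callback = idp.authorize(begin_auth(attacker))
    try:
        handle_callback(victim, attacker_callback, idp.token)
    except CallbackError as err:
        return str(err)
    return "accepted"
```

`demo_honest_flow()` returns the claims for `alice`; `demo_csrf_callback()` shows why the state check matters: a callback minted for someone else's login is rejected before any token exchange, so the victim is never logged into the attacker's account. Two details worth keeping in a real implementation: the session entry is popped, not read, so a second delivery of the same callback fails, and the ID token's signature and `iss`/`aud` must still be verified before the nonce comparison means anything.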

Claim

Total prize pool: $150
Total paid: $0
Status: Pending
Submitted: November 09, 2025
Last updated: November 09, 2025

Contributors

Excellencedev (@Excellencedev), 100%

Sponsors

Claper (@ClaperCo), $150