Fixes OIDC login with Authelia by implementing secure state parameter and PKCE flow.

Changes:

  • Generate secure state parameter using crypto.strong_rand_bytes
  • Add PKCE implementation for authorization code protection
  • Implement nonce validation for additional security
  • State parameter now meets Authelia’s 8-character minimum requirement
  • Multiple security layers (state + PKCE + nonce)

Resolves: #143 /claim #143
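
An added illustration of the three values listed above (state, PKCE, nonce), written in Elixir because the description names crypto.strong_rand_bytes. It is not the pull request's code; the module, function and map key names are hypothetical, and it assumes OTP 25 or later for :crypto.hash_equals/2.

```elixir
# Added example, not code from the pull request. All names are hypothetical.
defmodule OidcFlowExample do
  # 32 random bytes -> 43 URL-safe characters without padding: above an
  # 8-character minimum and inside PKCE's 43..128 verifier length (RFC 7636).
  defp random_token(), do: Base.url_encode64(:crypto.strong_rand_bytes(32), padding: false)

  # S256 challenge: BASE64URL(SHA-256(code_verifier)), unpadded.
  def challenge(verifier),
    do: Base.url_encode64(:crypto.hash(:sha256, verifier), padding: false)

  # Run before redirecting to the provider. `session` stays server-side;
  # `params` goes into the authorization URL. The code_verifier itself is
  # only sent later, in the token request.
  def start() do
    session = %{state: random_token(), nonce: random_token(), code_verifier: random_token()}

    params = %{
      "state" => session.state,
      "nonce" => session.nonce,
      "code_challenge" => challenge(session.code_verifier),
      "code_challenge_method" => "S256"
    }

    {session, params}
  end

  # Callback: the returned state must equal the stored one.
  def check_state(session, returned), do: check(session.state, returned, :state_mismatch)

  # After the token exchange: the ID token's nonce claim must equal the stored one.
  def check_nonce(session, claims), do: check(session.nonce, claims["nonce"], :nonce_mismatch)

  # Constant-time comparison; hash_equals/2 raises on unequal sizes, so
  # the length is checked first. A missing (nil) value is rejected.
  defp check(expected, given, error) do
    if is_binary(given) and byte_size(given) == byte_size(expected) and
         :crypto.hash_equals(expected, given),
       do: :ok,
       else: {:error, error}
  end
end

# Constructed walk-through of one login attempt.
{session, params} = OidcFlowExample.start()
IO.inspect(String.length(params["state"]), label: "state length")
IO.inspect(OidcFlowExample.check_state(session, params["state"]), label: "matching state")
IO.inspect(OidcFlowExample.check_state(session, "unexpected-value"), label: "wrong state")
IO.inspect(OidcFlowExample.check_nonce(session, %{}), label: "missing nonce")
```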

Claim

Total prize pool $150
Total paid $0
Status Pending
Submitted June 14, 2025
Last updated June 14, 2025

Contributors

Luffy (@luffy-orf): 100%

Sponsors

Claper (@ClaperCo): $150