Fix OIDC “state” parameter for Authelia compatibility

This PR ensures that the OIDC login flow always generates, stores, and validates a secure “state” parameter, resolving the Authelia integration error (“The state is missing or does not have enough characters and is therefore considered too weak”).

• Implements secure state generation and session storage in the OIDC login flow.
• Validates the state parameter on callback for CSRF protection and OIDC spec compliance.

Resolves #143

/claim #143