Conversation

RonenMars
Contributor

@RonenMars RonenMars commented Sep 11, 2025

Description

Overview

Complete refactor of the OAuth authentication system with comprehensive security improvements, error handling, and code quality enhancements.

🚀 Key Features

Security Enhancements

  • OAuth Redirect URL Validation: Added domain allowlist validation with HTTPS enforcement to prevent open redirect attacks
  • Secure Error Logging: All sensitive operations use structured logging with consoleOnly: true flag
  • Type Safety: Replaced all any types with proper TypeScript interfaces

Error Handling & Resilience

  • Retry Mechanism: Implemented exponential backoff retry logic for OAuth failures (3 attempts, 1000ms base delay)
  • Error Boundaries: Added React error boundaries specifically for OAuth components with fallback UI
  • Toast Notifications: User-friendly error messages with internationalization support

Code Quality Improvements

  • Logging Integration: Replaced all console statements with structured LoggerService calls
  • Configuration Constants: Extracted hardcoded values to configurable constants (oauthConfig, oauthRetryConfig)
  • Clean Architecture: Proper separation of concerns with dedicated utility functions and interfaces

🛡️ Security Features

OAuth Redirect Validation

export const oauthConfig = {
  allowedDomains: [
    "github.com",
    "api.github.com", 
    "accounts.google.com",
    "login.microsoftonline.com",
    "oauth.descope.com",
    "api.descope.com",
  ] as const,
  protocol: "https:",
} as const;

Error Boundary Protection

  • Comprehensive error catching for OAuth component failures
  • Graceful fallback UI with retry and navigation options
  • Structured error logging for debugging

🔄 Retry Mechanism

export const oauthRetryConfig = {
  maxAttempts: 3,
  baseDelayMs: 1000,
} as const;

  • Exponential backoff: 1s, 2s, 3s delays between retries
  • Automatic retry for network failures and temporary OAuth errors
  • User-friendly error messages after all retries are exhausted

Impact: This refactor significantly improves the security, reliability, and maintainability of the OAuth authentication system while maintaining backward compatibility.

Linear Ticket

https://linear.app/autokitteh/issue/UI-1841/reduce-login-screen-flash-after-successful-authentication

What type of PR is this? (check all applicable)

  • 💡 (feat) - A new feature (non-breaking change which adds functionality)
  • 🔄 (refactor) - Code Refactoring - A code change that neither fixes a bug nor adds a feature
  • 🐞 (fix) - Bug Fix (non-breaking change which fixes an issue)
  • 🏎 (perf) - Optimization
  • 📄 (docs) - Documentation - Documentation only changes
  • 📄 (test) - Tests - Adding missing tests or correcting existing tests
  • 🎨 (style) - Styles - Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
  • ⚙️ (ci) - Continuous Integrations - Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
  • ☑️ (chore) - Chores - Other changes that don't modify src or test files
  • ↩️ (revert) - Reverts - Reverts a previous commit(s).
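The redirect URL validation the description outlines, written out as an added example (not the PR's own code): the config mirrors the PR's oauthConfig and the name validateOAuthRedirectURL comes from the commit messages, but the signature, the return shape and the exact set of checks are assumptions.

```typescript
// Added example, not the project's code. Demonstrates allowlist-based OAuth
// redirect validation with HTTPS enforcement, as described in the PR.
export const oauthConfig = {
  allowedDomains: [
    "github.com",
    "api.github.com",
    "accounts.google.com",
    "login.microsoftonline.com",
    "oauth.descope.com",
    "api.descope.com",
  ] as const,
  protocol: "https:",
} as const;

// Assumed return shape: a boolean plus a reason suitable for structured logging.
export interface RedirectValidation {
  ok: boolean;
  reason?: string;
}

export function validateOAuthRedirectURL(candidate: string): RedirectValidation {
  let url: URL;
  try {
    // WHATWG URL parsing rejects relative and malformed input outright.
    url = new URL(candidate);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  // Compare the parsed scheme rather than a string prefix, so case and
  // non-https schemes are decided by the parser, not by ad-hoc matching.
  if (url.protocol !== oauthConfig.protocol) {
    return { ok: false, reason: `protocol ${url.protocol} is not ${oauthConfig.protocol}` };
  }
  // Embedded credentials change which host the browser actually contacts;
  // a redirect target never legitimately needs them.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "credentials in URL" };
  }
  // Only the default port: a non-default port is not a listed provider endpoint.
  if (url.port !== "") {
    return { ok: false, reason: `unexpected port ${url.port}` };
  }
  // Exact hostname match. A suffix or substring check would accept hosts that
  // merely contain an allowed domain, which is the open-redirect gap this closes.
  const allowed: readonly string[] = oauthConfig.allowedDomains;
  if (!allowed.includes(url.hostname)) {
    return { ok: false, reason: `host ${url.hostname} not in allowlist` };
  }
  return { ok: true };
}
```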

@RonenMars RonenMars force-pushed the ronen/refactor/login-page branch from 86eb47e to 0f2439e Compare September 15, 2025 10:17
@RonenMars RonenMars changed the title refactor: login handler refactor(UI-1841): login handler Sep 15, 2025
@RonenMars RonenMars changed the title refactor(UI-1841): login handler feat(UI-1841): enhance login security with OAuth improvements and token encryption Sep 26, 2025
This reverts commit ed3cd2f.
- Remove all console.log statements from OAuth login flow
- Add .serena/ to .gitignore for AI IDE configuration
- Replace console statements with LoggerService calls using consoleOnly flag
- Add OAuth error message translation for user-friendly error handling
- Add toast notifications for OAuth login errors
- Update 404 pages to use structured logging
- Clean up debug console statements in chatbot iframe components
- Add validateOAuthRedirectURL utility function with domain allowlist
- Enforce HTTPS requirement for all OAuth redirect URLs
- Validate OAuth provider domains against security allowlist
- Integrate URL validation into login component OAuth flow
- Add comprehensive logging for security validation events

Security improvements:
- Prevent open redirect vulnerabilities
- Restrict OAuth flows to trusted provider domains
- Add runtime validation with detailed error logging
- Added proper OAuthResponse interface for OAuth callback handling
- Fixed LoggerService calls to use correct parameter format
- Updated TypeScript types for better type safety
- Removed invalid Toast.title property usage
- Added exponential backoff retry logic for OAuth start failures
- Configurable retry attempts (3) and base delay (1000ms)
- Comprehensive error logging with structured messages
- Proper error handling with user-friendly toast notifications
- Created oauthConfig with allowed domains and protocol constants
- Improved code maintainability and configuration management
- Consistent camelCase naming convention for better TypeScript compliance
- Centralized OAuth security configuration
- Implement AES-GCM encryption for sensitive localStorage data using Web Crypto API
- Replace clear text storage of API tokens with encrypted storage
- Update localStorage utilities to support async encryption/decryption
- Add request interceptors to dynamically decrypt tokens for authentication
- Update affected components to handle async token operations
- Maintain backward compatibility with fallback mechanisms

Resolves CodeQL security warning for clear text storage of sensitive information.
@RonenMars RonenMars force-pushed the ronen/refactor/login-page branch from dd6dc7e to e2bbe43 Compare September 26, 2025 23:37