Enhance OAuth security and state validation

- Implemented stricter OAuth security measures, including CSRF protection via state parameter validation and redirect_uri checks.
- Updated OAuth models to support timezone-aware datetime comparisons, replacing deprecated `utcnow`.
- Enhanced logging for malformed Basic auth headers during token, introspect, and revoke requests.
- Added allowlist validation for OAuth provider domains to prevent open redirect attacks.
- Improved nonce validation for OpenID Connect tokens, ensuring token integrity during Google provider flows.
- Updated E2E and unit tests to cover new security features and expanded OAuth state handling scenarios.
Felipe Cardoso
2025-11-25 23:50:43 +01:00
parent 7716468d72
commit 400d6f6f75
14 changed files with 246 additions and 57 deletions

@@ -153,6 +153,7 @@
"authFailed": "Authentication Failed",
"providerError": "The authentication provider returned an error",
"missingParams": "Missing authentication parameters",
"stateMismatch": "Invalid OAuth state. Please try again.",
"unexpectedError": "An unexpected error occurred during authentication",
"backToLogin": "Back to Login"
}
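Review bot: the added "stateMismatch" line says "Please try again." without telling the user what to retry. A state mismatch means the callback could not be matched to the sign-in request this browser started, so reloading the callback page is unlikely to help; only a new sign-in started from the login page gets a fresh state value. Suggest wording along the lines of "Invalid OAuth state. Please return to login and try again.", which lines up with the existing "backToLogin" action in this block.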

@@ -153,6 +153,7 @@
"authFailed": "Autenticazione Fallita",
"providerError": "Il provider di autenticazione ha restituito un errore",
"missingParams": "Parametri di autenticazione mancanti",
"stateMismatch": "Stato OAuth non valido. Riprova.",
"unexpectedError": "Si è verificato un errore durante l'autenticazione",
"backToLogin": "Torna al Login"
}
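Review bot: the added "stateMismatch" string shows the protocol term "Stato OAuth" to end users, while the neighbouring strings in this block stay in plain language ("Autenticazione Fallita", "Parametri di autenticazione mancanti"). Consider a plainer wording here, and change it together with the English string so the two locale files keep the same meaning for this key.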