Harden frontend assets: disable source maps, add JS obfuscation, env var config

- Disable source maps in production builds (vite.config.ts: sourcemap: false)
- Add vite-plugin-obfuscator for JS obfuscation (hex identifiers, base64 string encoding)
- Move OIDC config behind VITE_* env vars with dev fallbacks (auth/config.ts)
- Add server_tokens off to nginx.conf to stop advertising nginx version
- Add type declaration for vite-plugin-obfuscator

frontend/src/auth/config.ts

@@ -1,10 +1,10 @@
 import { WebStorageStateStore } from "oidc-client-ts";
 
 export const oidcConfig = {
-    authority: "https://authentik.viktorbarzin.me/application/o/wrongmove/",
-    client_id: "5AJKRgcdgVm1OyApBzFkadDFfStW9a555zwv2MOe",
-    redirect_uri: import.meta.env.MODE === 'development' ? "https://localhost/callback" : "https://wrongmove.viktorbarzin.me/callback",
-    post_logout_redirect_uri: import.meta.env.MODE === 'development' ? "https://localhost/" : "https://wrongmove.viktorbarzin.me/",
+    authority: import.meta.env.VITE_OIDC_AUTHORITY || "https://authentik.viktorbarzin.me/application/o/wrongmove/",
+    client_id: import.meta.env.VITE_OIDC_CLIENT_ID || "5AJKRgcdgVm1OyApBzFkadDFfStW9a555zwv2MOe",
+    redirect_uri: import.meta.env.VITE_REDIRECT_URI || (import.meta.env.MODE === 'development' ? "https://localhost/callback" : "https://wrongmove.viktorbarzin.me/callback"),
+    post_logout_redirect_uri: import.meta.env.VITE_LOGOUT_REDIRECT_URI || (import.meta.env.MODE === 'development' ? "https://localhost/" : "https://wrongmove.viktorbarzin.me/"),
     userStore: new WebStorageStateStore({ store: window.localStorage }),
     response_type: 'code', // PKCE flow (recommended for SPAs)
     scope: 'openid profile email', // Requested scopes