Harden frontend assets: disable source maps, add JS obfuscation, env var config

- Disable source maps in production builds (vite.config.ts: sourcemap: false)
- Add vite-plugin-obfuscator for JS obfuscation (hex identifiers, base64 string encoding)
- Move OIDC config behind VITE_* env vars with dev fallbacks (auth/config.ts)
- Add server_tokens off to nginx.conf to stop advertising nginx version
- Add type declaration for vite-plugin-obfuscator

frontend/vite-plugin-obfuscator.d.ts

@@ -0,0 +1,4 @@
+declare module 'vite-plugin-obfuscator' {
+  import type { Plugin } from 'vite';
+  export function viteObfuscateFile(options?: Record<string, unknown>): Plugin;
+}