Harden frontend assets: disable source maps, add JS obfuscation, env var config

- Disable source maps in production builds (vite.config.ts: sourcemap: false)
- Add vite-plugin-obfuscator for JS obfuscation (hex identifiers, base64 string encoding)
- Move OIDC config behind VITE_* env vars with dev fallbacks (auth/config.ts)
- Add server_tokens off to nginx.conf to stop advertising nginx version
- Add type declaration for vite-plugin-obfuscator

frontend/vite.config.ts

@@ -3,12 +3,30 @@ import react from '@vitejs/plugin-react-swc';
 import path from "path";
 import { env } from "process";
 import { defineConfig } from 'vite';
+import { viteObfuscateFile } from 'vite-plugin-obfuscator';
 
 // https://vite.dev/config/
 export default defineConfig({
-  plugins: [react(), tailwindcss()],
+  plugins: [
+    react(),
+    tailwindcss(),
+    viteObfuscateFile({
+      compact: true,
+      controlFlowFlattening: false,
+      deadCodeInjection: false,
+      debugProtection: false,
+      identifierNamesGenerator: 'hexadecimal',
+      renameGlobals: false,
+      stringArray: true,
+      stringArrayThreshold: 0.75,
+      stringArrayEncoding: ['base64'],
+      splitStrings: true,
+      splitStringsChunkLength: 10,
+    }),
+  ],
   build: {
-    outDir: "dist"
+    outDir: "dist",
+    sourcemap: false,
   },
   resolve: {
     alias: {