feat(auth): Complete OIDC security refactor and modernize test suite

- Refactored OIDC flow to implement PKCE, state/nonce validation, and BFF pattern.
- Centralized configuration in Settings class (DEV_MODE, FRONTEND_URL, OIDC_REDIRECT_URI).
- Updated auth routers to use conditional secure cookie flags based on DEV_MODE.
- Modernized and cleaned up test suite by removing legacy Streamlit tests.
- Fixed linting errors and unused imports across the backend.
Yunxiao Xu
2026-02-15 02:50:26 -08:00
parent 48ad0ebdd7
commit 68c0985482
50 changed files with 222 additions and 515 deletions


@@ -3,7 +3,6 @@ import { Routes, Route } from "react-router-dom"
import { MainLayout } from "./components/layout/MainLayout"
import { LoginForm } from "./components/auth/LoginForm"
import { RegisterForm } from "./components/auth/RegisterForm"
import { AuthCallback } from "./components/auth/AuthCallback"
import { ChatInterface } from "./components/chat/ChatInterface"
import { AuthService, type UserResponse } from "./services/auth"
import { ChatService, type MessageResponse } from "./services/chat"
@@ -136,6 +135,9 @@ function App() {
setThreadMessages(prev => ({ ...prev, [id]: messages }))
}
const queryParams = new URLSearchParams(window.location.search)
const externalError = queryParams.get("error")
if (isLoading) {
return (
<div className="min-h-screen flex items-center justify-center bg-background">
@@ -146,7 +148,6 @@ function App() {
return (
<Routes>
<Route path="/auth/callback" element={<AuthCallback />} />
<Route
path="*"
element={
@@ -156,6 +157,7 @@ function App() {
<LoginForm
onSuccess={handleAuthSuccess}
onToggleMode={() => setAuthMode("register")}
externalError={externalError === "oidc_failed" ? "SSO authentication failed. Please try again." : null}
/>
) : (
<RegisterForm
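Review bot: The `error` value read from `window.location.search` (hunk `@@ -136,6 +135,9 @@`) is never removed from the URL, so the "SSO authentication failed" banner passed to `LoginForm` returns on every reload and on any link carrying `?error=oidc_failed`; it is also re-parsed on each render of `App`. Consider reading it once in a state initialiser or effect and then dropping it with `window.history.replaceState(null, "", window.location.pathname)`. Mapping the code to a fixed string instead of rendering the parameter is the right choice, and is worth pinning with a comment such as `// Map known error codes to fixed text only; never render the raw query value.` Any code other than `oidc_failed` is shown as no error at all, so if the backend can redirect with other values (not visible here) a generic fallback message would help. `App` starts and ends outside these hunks.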