fix: security fixes

[karl-cardenas-coding]

Describe the Change

This PR adds a CodeQL configuration file and addresses a security vulnerability related to the CSRF attack. Other changes include:

• Upgrading to Go 1.23

• Adding the HTMX attribute hx-history="false" to prevent storing sensitive data in local browser storage.

• Randomize the state identifier in the token request.

• Closes Fix code scanning alert - Use of constant state value in OAuth 2.0 URL #24

Checklist

• Open Source License list updated? Use make opensource to update the list.

• License header updated? Use make license to update the header.

[codecov]

Codecov Report

Attention: Patch coverage is 33.33333% with 16 lines in your changes missing coverage. Please review.

Project coverage is 50.57%. Comparing base (576e907) to head (bd47bb9).
Report is 1 commits behind head on main.

Files	Patch %	Lines
cmd/login.go	0.00%	13 Missing ⚠️
internal/auth.go	72.72%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #25      +/-   ##
==========================================
- Coverage   50.74%   50.57%   -0.18%     
==========================================
  Files          21       21              
  Lines        1815     1833      +18     
==========================================
+ Hits          921      927       +6     
- Misses        798      809      +11     
- Partials       96       97       +1     

Files	Coverage Δ
internal/auth.go	75.00% <72.72%> (-0.95%)	⬇️
cmd/login.go	3.08% <0.00%> (-0.19%)	⬇️