
fix: harden github oauth sign-in flow#1276

Open
ScryUser wants to merge 1 commit into SolFoundry:main from ScryUser:codex/bounty-821-github-oauth

Conversation

@ScryUser

Description

Fixes the GitHub OAuth sign-in flow for bounty #821 by removing the 404-prone raw fallback redirects and centralizing sign-in through the auth helper.

Changes include:

  • backend authorize URL support with stored OAuth state
  • direct GitHub authorize fallback using VITE_GITHUB_CLIENT_ID when the backend authorize endpoint is unavailable
  • OAuth state validation before callback code exchange
  • graceful callback errors for cancelled login, missing code, expired/invalid state, expired codes, and rate limits
  • shared redirect helper used by navbar, hero CTA, auth guard, and bounty detail sign-in
  • JWT and user session storage covered by callback tests
  • restores existing shared frontend src/lib modules and narrows the broad .gitignore lib/ rule so imported frontend source is tracked

Closes #821

Solana Wallet for Payout

Wallet: C2z3FWAacvSYVrrkfpk6nQyNhF4t3z7t9iXRW1xfZPy1

Type of Change

  • Bug fix
  • Test addition/update

Checklist

  • Code is clean and follows the issue spec exactly
  • One PR per bounty (no multiple bounties in one PR)
  • Tests included for new functionality
  • No console.log or debugging code left behind
  • No hardcoded secrets or API keys
  • GitHub authorize redirect is covered
  • OAuth callback state validation is covered
  • JWT/user session storage is covered

Testing

  • npm test -- auth-github-oauth.test.tsx
  • npm run build
  • git diff --check

Notes

I also ran the full npm test suite. It currently fails before running most suites because upstream tests import modules that are not present in this repository snapshot, such as ../hooks/useAdminData, ../components/tokenomics/TokenomicsPage, ../components/bounties/BountyBoard, and @playwright/test. The new OAuth-focused test file passes, and the production build passes.
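The state handling the description lists (stored state on the authorize redirect, single-use validation before any code exchange, and distinct callback outcomes for cancelled login, missing code and expired or mismatched state) as an added illustration that is not code from this PR or from the SolFoundry repository. The `StateStore` interface, `memoryStore`, the key name, the 10-minute window and the scope string are assumptions; it runs under Node with `node:crypto`, whereas the project's browser code would use `window.crypto` and its own storage helper.

```typescript
import { randomBytes, timingSafeEqual } from "node:crypto";

// Hypothetical storage interface standing in for the project's stored-OAuth-state helper.
export interface StateStore { get(k: string): string | null; set(k: string, v: string): void; remove(k: string): void; }
export const memoryStore = (): StateStore => {
  const m = new Map<string, string>();
  return { get: k => m.get(k) ?? null, set: (k, v) => { m.set(k, v); }, remove: k => { m.delete(k); } };
};

const STATE_KEY = "github_oauth_state";       // assumed key name
const STATE_TTL_MS = 10 * 60 * 1000;          // assumed validity window for a stored state

// Builds the direct GitHub authorize URL and records a fresh, unguessable state with its issue time.
export function buildAuthorizeUrl(store: StateStore, clientId: string, redirectUri: string, now = Date.now()): string {
  const state = randomBytes(16).toString("hex");
  store.set(STATE_KEY, JSON.stringify({ state, issuedAt: now }));
  const q = new URLSearchParams({ client_id: clientId, redirect_uri: redirectUri, scope: "read:user user:email", state });
  return `https://github.com/login/oauth/authorize?${q.toString()}`;
}

export type CallbackResult =
  | { ok: true; code: string }
  | { ok: false; reason: "invalid_state" | "expired_state" | "cancelled" | "provider_error" | "missing_code" };

// Classifies the callback before any code exchange: state first (consumed on first use),
// then provider-reported errors, then the presence of the code.
export function validateCallback(store: StateStore, callbackUrl: string, now = Date.now()): CallbackResult {
  const params = new URL(callbackUrl).searchParams;
  const stored = store.get(STATE_KEY);
  store.remove(STATE_KEY); // one callback per issued state, whether or not it validates
  if (!stored) return { ok: false, reason: "invalid_state" };
  const { state, issuedAt } = JSON.parse(stored) as { state: string; issuedAt: number };
  if (now - issuedAt > STATE_TTL_MS) return { ok: false, reason: "expired_state" };
  const enc = new TextEncoder();
  const a = enc.encode(params.get("state") ?? ""), b = enc.encode(state);
  if (a.length !== b.length || !timingSafeEqual(a, b)) return { ok: false, reason: "invalid_state" };
  const error = params.get("error");
  if (error === "access_denied") return { ok: false, reason: "cancelled" };
  if (error) return { ok: false, reason: "provider_error" };
  const code = params.get("code");
  if (!code) return { ok: false, reason: "missing_code" };
  return { ok: true, code };
}
```

Expired codes and rate limits are reported by the token exchange response rather than the callback URL, so they are outside this function.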

@ScryUser force-pushed the codex/bounty-821-github-oauth branch from 9d9a195 to 7e6d4a5 on May 14, 2026 16:53

Development

Successfully merging this pull request may close these issues.

🏭 Bounty T1: Fix GitHub OAuth Sign-In Flow