feat: Implement CSRF protection and PostgreSQL support

- Added CSRF protection mechanism in the backend with utility functions for token management.
- Introduced a new CSRF route to fetch the active CSRF token for SPA bootstrap flows.
- Updated the auth routes to validate CSRF tokens on sensitive operations.
- Configured PostgreSQL as a database option in the environment settings and Docker Compose.
- Created a new SQLite configuration file for local development.
- Enhanced the API client to automatically attach CSRF tokens to requests.
- Updated various frontend components to utilize the new site origin utility for SEO purposes.
- Modified Nginx configuration to improve redirection and SEO headers.
- Added tests for CSRF token handling in the authentication routes.

backend/app/routes/auth.py

@@ -19,6 +19,7 @@ from app.utils.auth import (
     login_user_session,
     logout_user_session,
 )
+from app.utils.csrf import get_or_create_csrf_token
 
 auth_bp = Blueprint("auth", __name__)
 
@@ -105,6 +106,13 @@ def me_route():
     return jsonify({"authenticated": True, "user": user}), 200
 
 
+@auth_bp.route("/csrf", methods=["GET"])
+@limiter.limit("240/hour")
+def csrf_route():
+    """Return the active CSRF token for SPA bootstrap flows."""
+    return jsonify({"csrf_token": get_or_create_csrf_token()}), 200
+
+
 @auth_bp.route("/forgot-password", methods=["POST"])
 @limiter.limit("5/hour")
 def forgot_password_route():