OIDC / OAuth2 Authentication Support

PRD: OIDC / OAuth2 Authentication Support

Problem: Unibee currently uses a custom session management system that requires manual session creation via API calls. This creates friction when integrating with external identity providers like Hjallr CRM and makes it difficult to embed Unibee portals seamlessly within other applications.

Solution: Implement OIDC/OAuth2 client support to enable seamless authentication with external identity providers, allowing users to access Unibee portals without re-authentication if already logged into their identity provider.

Detailed PRD: See prds/2-oidc-oauth2-support.md

Priority: High (Blocker for Brondings integration - Issue #1)