Add Strict CSP Headers (#243)

* Add CSP nonce support and enhance security headers

Introduced secure headers and CSP nonce to improve app security by integrating `@nosecone/next`. Updated middleware, root providers, and layout to handle nonce propagation, enabling stricter CSP policies when configured. Also upgraded dependencies and tooling versions.

* Add OTP and security guidelines documentation and additional checks on client-provided values

- Introduced additional checks on client-provided values such as cookies
- Introduced a new OTP API documentation outlining the creation and verification of OTP tokens for sensitive operations.
- Added comprehensive security guidelines for writing secure code in Next.js, covering client and server components, environment variables, authentication, and error handling.

These additions enhance the project's security posture and provide clear instructions for developers on implementing secure practices.

.cursor/rules/security.mdc

@@ -126,7 +126,7 @@ Consider using OTP tokens when implementing highly destructive operations like d
 
 ### Personal Information
 
-- Never log or expose sensitive user data
+- Never log or expose sensitive user data (api keys, passwords, secrets, etc.)
 - Use proper session management
 
 ## Error Handling