Add Strict CSP Headers (#243)

* Add CSP nonce support and enhance security headers

Introduced secure headers and CSP nonce to improve app security by integrating `@nosecone/next`. Updated middleware, root providers, and layout to handle nonce propagation, enabling stricter CSP policies when configured. Also upgraded dependencies and tooling versions.

* Add OTP and security guidelines documentation and additional checks on client-provided values

- Introduced additional checks on client-provided values such as cookies
- Introduced a new OTP API documentation outlining the creation and verification of OTP tokens for sensitive operations.
- Added comprehensive security guidelines for writing secure code in Next.js, covering client and server components, environment variables, authentication, and error handling.

These additions enhance the project's security posture and provide clear instructions for developers on implementing secure practices.

apps/web/components/root-providers.tsx

@@ -37,14 +37,21 @@ const CaptchaTokenSetter = dynamic(async () => {
   };
 });
 
+type RootProvidersProps = React.PropsWithChildren<{
+  // The language to use for the app (optional)
+  lang?: string;
+  // The theme (light or dark or system) (optional)
+  theme?: string;
+  // The CSP nonce to pass to scripts (optional)
+  nonce?: string;
+}>;
+
 export function RootProviders({
   lang,
   theme = appConfig.theme,
+  nonce,
   children,
-}: React.PropsWithChildren<{
-  lang?: string;
-  theme?: string;
-}>) {
+}: RootProvidersProps) {
   const i18nSettings = useMemo(() => getI18nSettings(lang), [lang]);
 
   return (
@@ -63,6 +70,7 @@ export function RootProviders({
                     disableTransitionOnChange
                     defaultTheme={theme}
                     enableColorScheme={false}
+                    nonce={nonce}
                   >
                     {children}
                   </ThemeProvider>