We need a CLIENT_SECRET but we shouldn't store it in the ENV or JSON file. We can use electron-store to write to a file with managed encryption.
Also, to motivate why we don't need the client secret a priori, I asked the Claude AI to diagram an oauth2 flow:
```mermaid
sequenceDiagram
    participant User
    participant Electron App
    participant Backend Server
    participant OAuth Provider
    User->>Electron App: Initiates login
    Note over Electron App: Generates code verifier<br/>and code challenge (PKCE)
    Electron App->>OAuth Provider: Authorization request with<br/>code challenge + client_id
    OAuth Provider->>User: Shows login page
    User->>OAuth Provider: Enters credentials
    OAuth Provider->>Electron App: Returns authorization code
    Electron App->>Backend Server: Sends auth code + code verifier
    Note over Backend Server: Stores client secret<br/>securely
    Backend Server->>OAuth Provider: Exchanges code + client secret<br/>+ code verifier for tokens
    OAuth Provider->>Backend Server: Returns access/refresh tokens
    Backend Server->>Electron App: Returns tokens
    Note over Electron App: Stores tokens securely<br/>in system keychain
    Electron App->>User: Login complete
```
so I think we need to figure out the PKCE bit to "do it right"? Or something? Maybe we can send the user to the login page without using the client secret and see what happens?
xrl changed the title from "Use keytar to store the oauth2 CLIENT_SECRET" to "Use electron-store to persist the oauth2 CLIENT_SECRET" on Jan 17, 2025