feat: authentification PKCE Keycloak au démarrage de l'application

Remplace le password grant par Authorization Code + PKCE via Custom Tab.
L'utilisateur est redirigé vers Keycloak à l'ouverture si non connecté,
le token est stocké dans EncryptedSharedPreferences et rafraîchi automatiquement.
Le deep link com.planify.mobile://auth/callback capture le code de retour.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

gradle/libs.versions.toml

@@ -16,6 +16,7 @@ datastore = "1.1.1"
 securityCrypto = "1.1.0-alpha06"
 workManager = "2.10.0"
 serialization = "1.7.3"
+browser = "1.8.0"
 junit = "4.13.2"
 junitExt = "1.2.1"
 espressoCore = "3.6.1"
@@ -50,6 +51,7 @@ datastore-preferences = { group = "androidx.datastore", name = "datastore-prefer
 security-crypto = { group = "androidx.security", name = "security-crypto", version.ref = "securityCrypto" }
 work-runtime-ktx = { group = "androidx.work", name = "work-runtime-ktx", version.ref = "workManager" }
 kotlinx-serialization-json = { group = "org.jetbrains.kotlinx", name = "kotlinx-serialization-json", version.ref = "serialization" }
+androidx-browser = { group = "androidx.browser", name = "browser", version.ref = "browser" }
 junit = { group = "junit", name = "junit", version.ref = "junit" }
 androidx-junit = { group = "androidx.test.ext", name = "junit", version.ref = "junitExt" }
 androidx-espresso-core = { group = "androidx.test.espresso", name = "espresso-core", version.ref = "espressoCore" }