Encrypt OAuth Provider ClientSecret before storing in database to prevent
sensitive credential exposure in case of database breach.
- Encrypt ClientSecret on create using cfg.Config.Key.Encrypt()
- Encrypt ClientSecret on update when provided
- Decrypt ClientSecret before use in OAuth token exchange
- Add AES-GCM encryption/decryption functions to crypto package
- Gracefully handle legacy plaintext secrets during transition
veypi