Release 1.5 merger

Co-authored-by: Filip Ślęzak <[email protected]>

* validate phone number during enrollment
* also check phone numbers in core API endpoints

* don't send empty strings when phone number is not providecleand
* use zod trim() instead of trimObjectStrings helper

* fix open redirect pentest issue
* add tests and handling of get requests, allow redirects if url is allowed for the client
* compare the whole url, not just domain
* cargo clippy fixes
* wip fix openid flow tests
* fix panic in the contains_redirect_url method
* cleanup eprintln statements
* bring back the other openid flow test
* state-based fallback url in openid test

* put random & secret modules into a common crate

* move DB setup code to common crate

* move version to common crate

* move id types to common crate

* move AuthCode model into common crate

* move auth key model

* move biometric auth model

* move device login model

* remove unnecessary feature flags

* move global value macro

* move model error

* move server config

* move hex module

* move protos to a separate crate

* put mailer into a separate crate

* update query data

* remove commented out code

* add new crates

* update flake inputs

* move AsCsv trait

* fix failing test

* move claims struct

* custom Debug implementation for Settings struct to avoid exposing license key in logs
* cargo update

* fix links in readme

* fix frontend links