feat(oidc): add debug logging and migrate client secret hashing to Flask-Bcrypt

- Add comprehensive debug logging across OIDC endpoints and services for development troubleshooting
- Implement backward-compatible password hash checking with automatic migration from raw bcrypt to Flask-Bcrypt format
- Refactor logging configuration to ensure proper propagation across all app modules
- Configure root logger and disable Werkzeug duplication for cleaner log output
- Initialize OIDC JWKS service on application startup
- Update seed script to use Flask-Bcrypt for client secret hashing
- Fix audit service to use correct event_metadata parameter

BREAKING CHANGE: Client secrets created with old raw bcrypt format will be automatically migrated to Flask-Bcrypt format on first successful authentication
2026-01-09 12:59:53 +10:30
parent 5e060f267d
commit a6474f55c1
8 changed files with 348 additions and 21 deletions
+4 -3
@@ -8,7 +8,6 @@ This script creates:
"""
import sys
import secrets
import hashlib
from dotenv import load_dotenv
# Load environment variables FIRST before any app imports
@@ -122,14 +121,16 @@ def create_or_get_oidc_client(org_id, name, client_id, client_secret,
redirect_uris, grant_types, response_types, scopes,
**kwargs):
"""Create an OIDC client if it doesn't exist, or return existing client."""
from app.extensions import bcrypt
existing = OIDCClient.query.filter_by(client_id=client_id, deleted_at=None).first()
if existing:
print(f" → OIDC Client {name} already exists, skipping")
return existing
try:
# Hash the client secret
client_secret_hash = hashlib.sha256(client_secret.encode()).hexdigest()
# Hash the client secret using Flask-Bcrypt (same as oidc_register)
client_secret_hash = bcrypt.generate_password_hash(client_secret).decode("utf-8")
client = OIDCClient(
organization_id=org_id,
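Review bot: The removed `hashlib.sha256(client_secret.encode()).hexdigest()` line shows that clients seeded before this commit hold a 64-hex-char SHA-256 digest, not a raw bcrypt hash, so they are not covered by the bcrypt-to-Flask-Bcrypt migration the message describes and will fail the bcrypt check (a non-`$2…` string is rejected) until re-seeded; and because the `if existing:` branch returns early, rerunning this script will not re-hash them either. Consider either teaching the compatibility check to recognise a 64-hex digest and upgrade it after a successful `hashlib.sha256` comparison, or having this script re-hash an existing row whose stored hash does not start with `$2` (a one-line check before `return existing`). Also worth confirming that the generated `client_secret` stays within bcrypt's 72-byte input limit — `secrets` is imported above, and `token_urlsafe(n)` with n > 54 yields more than 72 characters, which bcrypt silently truncates or, in recent versions, rejects. Note that Flask-Bcrypt's `generate_password_hash` wraps the same `bcrypt` library and emits the same `$2b$` modular-crypt string, so the "raw bcrypt vs Flask-Bcrypt" distinction in the commit message may be a no-op. `create_or_get_oidc_client` continues past the end of the hunk.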