Commit b1df1e0
Add support for custom state and nonce parameters in OAuth2 authorization
- Add optional state parameter support to OAuth2Provider constructor
- Add optional nonce parameter support to OAuth2Provider constructor
- Use custom state parameter if provided, otherwise generate UUID (maintains backward compatibility)
- Include nonce parameter in authorization URL when provided
- Both parameters are properly URL-encoded for security
This enables developers to:
- Pass custom state values for enhanced CSRF protection
- Include nonce parameter for OpenID Connect ID token verification
- Maintain existing behavior when parameters are not provided
Note: The existing commented-out state verification code in _OpenBrowserForAuthorisation
should be uncommented and updated to properly validate returned state parameters.
1 parent 9853907 commit b1df1e0
1 file changed, +242 -229 lines changed
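The state and nonce handling this commit message describes, together with the state check on the callback that its closing note asks for, as an added Python example that is not code from the commit or the project. The endpoint, client id, redirect URI and both function names are assumptions made for illustration.

```python
import hmac
import uuid
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder values, not taken from the project.
AUTH_ENDPOINT = "https://idp.example/authorize"
CLIENT_ID = "example-client"
REDIRECT_URI = "http://127.0.0.1:8400/callback"


def build_authorization_url(state=None, nonce=None):
    """Return (url, state). A caller-supplied state is used as-is, otherwise
    a random UUID is generated; nonce is included only when provided."""
    if state is None:
        state = str(uuid.uuid4())
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
    }
    if nonce is not None:
        params["nonce"] = nonce
    # urlencode percent-encodes every value, so '&', '=' or '#' inside a
    # custom state cannot add or override query parameters.
    return f"{AUTH_ENDPOINT}?{urlencode(params)}", state


def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if the callback carries exactly one
    state equal to the value that was sent; otherwise raise ValueError."""
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [])
    # Reject a missing or repeated state, then compare in constant time.
    if len(returned) != 1 or not hmac.compare_digest(
        returned[0].encode(), expected_state.encode()
    ):
        raise ValueError("state missing, duplicated or mismatched")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("authorization code missing or duplicated")
    return codes[0]
```

The nonce is not checked here: it comes back inside the ID token, so the client compares it after validating that token.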