fix: use base64url encoding for OAuth state nonce in remaining locations

Follow-up to PR #574 - the same base64 vs base64url encoding mismatch
existed in two other locations that generate OAuth state nonces.

The security fix (50e230c) added validation expecting base64url-encoded
nonces, but these UI routes were still using standard base64 encoding.

Author: andris9

lib/routes-ui.js

@@ -4341,7 +4341,7 @@ ${Buffer.from(data.content, 'base64url').toString('base64')}
                 name: request.payload.name,
 
                 // identify request
-                n: crypto.randomBytes(NONCE_BYTES).toString('base64'),
+                n: crypto.randomBytes(NONCE_BYTES).toString('base64url'),
                 t: Date.now()
             });
 

lib/ui-routes/account-routes.js

@@ -426,7 +426,7 @@ function init(args) {
                 name: request.payload.name,
 
                 // identify request
-                n: crypto.randomBytes(NONCE_BYTES).toString('base64'),
+                n: crypto.randomBytes(NONCE_BYTES).toString('base64url'),
                 t: Date.now()
             });