Update Google social login client ID, refresh google-services.json and replace Android ProfileScreen

[AppsTRDesign]

Motivation

• Align server-side Google ID token verification with the updated OAuth client ID to ensure social login tokens are validated against the correct client.
• Provide the Android app with the matching Firebase/Google Services configuration so mobile sign-in uses the expected OAuth clients and API key.
• Replace the Profile screen implementation on Android to use the provided Google Sign-In flow that requests the ID token, sends id_token to the backend, and logs Firebase analytics events.

Description

• Update api-app/social_login.php to verify Google ID tokens using the supplied client id 1063276280060-ufkg168easlt949km6r6bk7s3u6bg8af.apps.googleusercontent.com and preserve profile photo handling and session setup.
• Replace google-services.json with the provided JSON payload that contains the new OAuth client IDs, API key and appinvite configuration.
• Replace the Android profile UI/flow by writing the provided ProfileScreen.kt implementation under android-app/app/src/main/java/com/guidexy/app/ui/screens/ProfileScreen.kt to request ID tokens via GoogleSignInOptions, launch the sign-in intent, and send SocialAuthRequest(provider="google", id_token=...) to the backend while logging Firebase analytics events.
• Included broader project artefacts and scaffolding (backend ingestion API, frontend/admin pages, Android app modules and supporting helpers) as part of this change set to support the updated social-login flow and app features.

Testing

• No automated tests were executed for these changes.

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9ce59a739a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Verify token email before matching by email

Because the lookup uses google_id = ? OR email = ? with $email taken from the client request, a user can present a valid Google ID token for their own account while supplying someone else’s email and be logged in as that account if it exists. This is an account‑takeover path for any email/password user without a google_id. Use the email from the verified $payload (and check email_verified) or only match by google_id and link accounts explicitly.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Provide google-services.json in the app module

The Google Services Gradle plugin is applied in this module, but a repo search (rg --files -g 'google-services.json') only finds the file at the repo root, not under android-app/app. With the plugin enabled, Gradle’s process*GoogleServices tasks will fail and Firebase config won’t load unless the JSON is placed in the app module (or the plugin is configured to a custom location).

Useful? React with 👍 / 👎.