Fix "invalid grant" error during Google Oauth

[davinotdavid]

What changed?

backend/src/appointment/routes/google.py

• We are now storing the OAuth code_verifier in the session object.

backend/src/appointment/controller/apis/google_client.py

• Instead of re-using an in-memory Flow instance for the OAuth exchange, we are now creating a fresh one. Paired with storing the code_verifier in the session object, we can make sure that the Flow object keeps the same code_verifier throughout the OAuth process.

Why?

The error that we were getting back was "Invalid grant" which seems to happen due to a PKCE (Proof Key for Code Exchange) error on the `code_verifier. Stage and Prod share the same Google Cloud app / project, which is puzzling on why stage works well and prod doesn't or is at best intermittent.

Example issue in Sentry:
https://thunderbird.sentry.io/issues/7302416178/?environment=prod&project=4505428124827648&query=is%3Aunresolved&referrer=issue-stream

One possible explanation is that since we are storing the Flow instance in memory, the request to start the OAuth and the callback request happen in two different Fargate instances so the code_verifier check fails when attempting to get credentials.

Applicable Issues

Fixes #1629

[devmount]

Thanks so much Davi!

Code looks good and I can confirm, that I can add Google calendars again locally (didn't work on main, so I could reproduce the issue).