login: Add option for opening new window

[chrysn]

Closes: #42

This consists of two parts:

• Add a setting to make the login window into a new window (done)
• Add a function through which information can be propagated back from that new window by other means than the current URL (works but needs cleanup before committing)

I'm starting this as a draft PR already with only the 1st part to get familiar with this project's automated checks.

There's an application pattern that goes with it (have the redirect URI be a simple HTML page with something like <script>new BroadcastChannel("oauth_response_query").postMessage(window.location.href); window.close();</script> and having an event listener on that channel feed this event into the OAuth2 context), and I do plan to document that somewhere, but I have no clue whether it's best practice to do that way, so this will need to come with some caveat note.

[chrysn]

The second commit now refactors detect_state() into a part that pulls the state out of the query string, and a part that takes further actions on that state (process_state()).

I don't have a small example yet, but the gist of how to use the broadcast channel pattern described above is that inside the login view (somewhere where let agent = use_auth_agent() has succeeded), a broadcast channel listener roughly like this sits and waits for responses to an off-window login to come in:

    let channel = web_sys::BroadcastChannel::new("oauth_response_query").unwrap();
    let subscription = gloo_events::EventListener::new(&channel, "message", move |m| {
        let m = web_sys::MessageEvent::from(wasm_bindgen::JsValue::from(m));
        let data = m.data().as_string().unwrap();
        agent.feed_full_redirected(&data);
    });

    use_effect_with((), |_| {
        move || {
            drop(subscription);
        }
    });

(with some extra filtering in case there are multiple logins to avoid #43)