Authorization Code with PKCE Flow

https://developer.spotify.com/documentation/web-api/tutorials/code-pkce-flow

1. User clicks “Login with Spotify”
2. Frontend generates code_verifier and code_challenge
3. Redirect user to Spotify with code_challenge
4. After login, Spotify redirects back with a code
5. Frontend exchanges code + code_verifier for access token
6. Store access token in Supabase session or localStorage
7. Use token to fetch Spotify data