Improve admin i18n hydration, bundle loading, and sign-out redirect safety

[iPazooki]

Motivation

• Prevent client-side language/RTL flips and reduce visual jank by initializing locale server-side and keeping SSR/CSR in sync.
• Centralize locale validation and persistence to make i18n behavior deterministic and easier to maintain.
• Reduce runtime bundle work for non-production flows and harden sign-out redirect handling to eliminate unsafe client redirects.

Description

• Make RootLayout async and read the admin-locale cookie via next/headers, set <html lang> and <html dir> and pass initialLocale into LanguageProvider to avoid hydration mismatch (src/app/layout.tsx).
• Refactor LanguageProvider to accept initialLocale, read localStorage once during state initialization, and persist locale to both localStorage and an admin-locale cookie (src/context/LanguageContext.tsx).
• Add supportedLocales and isLocale helpers in src/i18n/index.ts to centralize locale validation.
• Lazy-load React Query DevTools with next/dynamic (SSR disabled) to keep devtools out of the normal production execution path (src/context/QueryContext.tsx).
• Harden logout navigation by validating the returned logout URL (HTTPS + trusted host allowlist) before calling window.location.assign and falling back to / when unsafe (src/components/header/UserDropdown.tsx).

Testing

• Ran npx eslint src/app/layout.tsx src/context/LanguageContext.tsx src/context/QueryContext.tsx src/components/header/UserDropdown.tsx src/i18n/index.ts which succeeded for the modified files.
• Ran npm run lint which still fails due to pre-existing unrelated lint issues elsewhere in the repo (e.g. no-explicit-any, React compiler warnings).
• Ran npx tsc --noEmit which also fails due to unrelated type errors in existing components, so type-checking across the whole repo was not fully green.

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 39a15974bd

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Include Keycloak issuer in trusted logout redirects

The new redirect filter only trusts window.location.hostname and login.microsoftonline.com, but /api/auth/federated-logout returns a Keycloak issuer logout URL whenever AUTH_PROVIDER is not Entra (the route even defaults to Keycloak). In that common path, resolveSafeRedirectUrl always falls back to /, so users are signed out locally but never sent to the IdP logout endpoint, leaving SSO sessions active and causing immediate re-login behavior on next sign-in.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Keep hydration locale aligned with server-provided locale

Initializing locale from localStorage before initialLocale can desynchronize SSR and CSR when users already have a stored locale but no admin-locale cookie yet (or a stale cookie). In that case the server renders with initialLocale from cookies while the client hydrates with the stored locale, causing translation/dir mismatch during hydration; since the cookie is only written in setLocale, this can repeat on every hard reload until the user manually changes language.

Useful? React with 👍 / 👎.