fix(GRO-1236): set VITE_API_URL and use /admin as OAuth callback URL (#403)

Two root causes fixed:
1. VITE_API_URL was empty in .env.production, so Better-Auth's client
   had no baseURL and could not correctly route the OAuth callback.
2. OAuth callbackURL was window.location.origin (root path), causing
   Better-Auth to redirect to / instead of /admin after login — since
   unauthenticated users at / are redirected to /login, this created a
   loop that appeared as 'session not persisting.'

With VITE_API_URL=https://uat.groombook.dev and callbackURL=/admin,
the callback lands on /admin which renders the admin layout and
correctly establishes the session cookie.

Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>

apps/web/.env.production

@@ -1 +1 @@
-VITE_API_URL=
+VITE_API_URL=https://uat.groombook.dev

apps/web/src/App.tsx

@@ -40,7 +40,10 @@ function LoginPage() {
   const handleSocialLogin = async (provider: string) => {
     setIsLoading(true);
     setError(null);
-    const result = await signIn.social({ provider, callbackURL: window.location.origin });
+    // Use /admin as callback URL so Better-Auth redirects to the app's dashboard
+    // after the OAuth callback completes, rather than back to /login
+    const callbackURL = `${window.location.origin}/admin`;
+    const result = await signIn.social({ provider, callbackURL });
     if (result?.error) {
       setError(result.error.message ?? "Sign-in failed");
       setIsLoading(false);