Add secret_key, CSP headers, fix debug mode #690
Someone is attempting to deploy a commit to the komalsony234-1530's projects Team on Vercel. A member of the Team first needs to authorize it.
Program: GSSoC
komalharshita
left a comment
Thank you for the contribution.
I reviewed the changes and found that part of this PR overlaps with security fixes that have already been addressed in more recent pull requests, particularly the removal of hardcoded debug mode configuration.
Additionally, the proposed Content Security Policy introduces broader behavioral changes that would require project-wide validation to ensure existing frontend functionality is not affected. The secret key fallback implementation also changes session behavior across application restarts.
Since the branch is now out of date and has merge conflicts with the current main branch, and the primary issue has already been addressed elsewhere, I am closing this pull request.
Thank you for your contribution and interest in improving the project's security.
Summary