feat(frontend): scaffold Tailwind design system + routing + auth callback

- Tailwind v3 + PostCSS + autoprefixer
- BrowserRouter with Layout shell (Header, theme toggle dark/light)
- Pages: HomePage, CallbackPage (SuperOAuth callback handler)
- hooks/useAuth.ts + lib/api.ts (API client base)
- styles/index.css (Tailwind directives)
- Theme persisted in localStorage (od-theme)

frontend/src/pages/CallbackPage.tsx

@@ -0,0 +1,47 @@
+import { useEffect, useState } from 'react';
+import { useNavigate } from 'react-router-dom';
+import { apiFetch } from '../lib/api';
+
+export default function CallbackPage() {
+  const navigate = useNavigate();
+  const [error, setError] = useState<string | null>(null);
+
+  useEffect(() => {
+    const params = new URLSearchParams(window.location.search);
+    const token = params.get('token');
+
+    // Pas de token dans l'URL → retour silencieux
+    if (!token) {
+      navigate('/', { replace: true });
+      return;
+    }
+
+    // Envoie le token au backend → backend valide + pose le cookie httpOnly
+    apiFetch<void>('/auth/session', {
+      method: 'POST',
+      body: JSON.stringify({ token }),
+    })
+      .then(() => navigate('/', { replace: true }))
+      .catch(() => setError("Échec de l'authentification. Réessaie."));
+  }, [navigate]);
+
+  if (error) {
+    return (
+      <div className="flex flex-col items-center gap-4 pt-20">
+        <p className="text-od-crit">{error}</p>
+        <a
+          href="/"
+          className="font-mono text-xs text-od-muted hover:text-od-text transition-colors"
+        >
+          ← Retour à l'accueil
+        </a>
+      </div>
+    );
+  }
+
+  return (
+    <div className="flex items-center justify-center pt-20">
+      <p className="font-mono text-sm text-od-muted">Connexion en cours…</p>
+    </div>
+  );
+}