[WIP] Propose using Broadcast Channel for Apple authentication in Android

[Codex]

Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.

---

This section details on the original issue you should resolve

<issue_title>Proposal: Use Broadcast Channel for Apple Authentication in Android 🍎</issue_title>
<issue_description>I'd like to suggest using Broadcast Channel for handling the client-server communication during Apple Sign-In authentication, rather than the current approach which requires setting up intents and server-side URL binding.

Current Implementation:

The existing solution requires:

• Setting up intent handling in Android
• Configuring server-side URL binding
• Managing the redirect flow between client and server

Proposed Change:

Using Broadcast Channel could offer several benefits:

• Simpler communication pattern between client and server
• No need for complex URL binding configuration
• More straightforward implementation for developers
• Potentially more reliable message passing

Implementation notes:

• Broadcast Channel API is well-supported across modern platforms
• Would reduce the setup complexity for developers integrating the authentication
• Could make the codebase more maintainable

Happy to hear your thoughts on this approach! 💭</issue_description>

<agent_instructions>the goal is to make the login the more smooth possible and simple to setup</agent_instructions>

Comments on the Issue (you are @codex[agent] in this section)

@WcaleNieWolny Hello, although up until today I have never thought about `Broadcast Channel` on Android, I would like to take the opportunity to explain Apple Login on Android, and the challenges associated with it.

Firstly, Apple login on Android will always require a backend server. Period. This is a STRICT requirement from Apple.
Nevertheless, intent handling on Android was a conscious design decision from my end. Martin strongly opposed it.

I understand that it may be inconvenient, however it often simplifies the login for the end user. Before intents, this plugin was using a webview. Using a webview was less secure; however, it was easier to implement in any app as it did not require custom intents. However, using a webview did not allow the usage of logging in via a device (instead of a password) or saving the password.

Currently, the plugin opens the login page in Chrome. This means that we have no control over the behavior of the browser.
I am happy to explore broadcast channel on Android, as long as the implementation doesn't compromise the security of the end user or their experience.

Please let me know if a broadcast will redirect the user back into our app from Chrome. If it does, I would love to explore this further. However, if a broadcast is not possible to be send from Chrome or if it doesn't redirect the user back to the app, then I do not see a place for it in the codebase.</comment_new>
<comment_new>@WcaleNieWolny
This looks promising, I will admit that I have never heard of trusted web activity</comment_new>
<comment_new>@riderx
@yakovyarmo please test 7.12.0 :)

@riderx @codex can you fix it ?