fix: config key mismatch and safe Guid parsing in backend controllers

[Copilot]

Two OAuth token exchange endpoints were silently broken due to a config key mismatch, and Guid.Parse across IssuesController would throw unhandled 500s on malformed JWT claims.

Changes

Config key mismatch (GitHub:RedirectUri → GitHub:CallbackUrl)

• AuthController.cs and GitHubService.cs both read GitHub:RedirectUri, which is not defined in appsettings.json — the actual key is GitHub:CallbackUrl. This caused OAuth token exchange to always send an empty redirect_uri.

Defensive Guid parsing in IssuesController

• Replaced Guid.Parse with Guid.TryParse in ClaimQuest, GetMyQuests, and SubmitQuest — a malformed claim now returns 401 instead of throwing a FormatException.
• Standardized error messages across all three endpoints for consistency.

// Before — throws FormatException on bad claim
var userId = Guid.Parse(userIdClaim);

// After — returns 401 gracefully
if (!Guid.TryParse(userIdClaim, out var userId))
    return Unauthorized("Invalid user ID in token.");

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.