Bezbednost: open redirect i kolačići bez Secure atributa

- _next parametar: sanitizacija preko url.Parse (Host+Scheme prazan = relativan URL)
  umesto ručnog string check-a koji CodeQL nije prepoznavao
- Kolačići: dodat Secure atribut (true u produkciji, false u razvoju)
  na 4 mesta: ntech_sesija brisanje (auth.go, prijava.go),
  ntech_flash_greska postavljanje i brisanje (auth.go, dashboard.go)

internal/handler/dashboard.go

@@ -3,6 +3,7 @@ package handler
 import (
 	"log/slog"
 	"net/http"
+	"os"
 
 	appdb "ntech/internal/db"
 	"ntech/internal/db/sqlite"
@@ -19,10 +20,12 @@ func (h *Handler) Dashboard(w http.ResponseWriter, r *http.Request) {
 	if kol, err := r.Cookie("ntech_flash_greska"); err == nil {
 		flashGreska = kol.Value
 		http.SetCookie(w, &http.Cookie{
-			Name:   "ntech_flash_greska",
-			Value:  "",
-			Path:   "/",
-			MaxAge: -1,
+			Name:     "ntech_flash_greska",
+			Value:    "",
+			Path:     "/",
+			MaxAge:   -1,
+			HttpOnly: true,
+			Secure:   os.Getenv("NTECH_ENV") == "production",
 		})
 	}