
[P1] Replace manual OAuth login JSON response construction with typed DTO serialization #283

@jjoonleo

Description

Problem

OAuth login responses are built manually using String.format and direct string concatenation instead of JSON serialization.

Why this is not production ready

Manual JSON construction can produce invalid JSON, or let a user-controlled value that contains quotes, backslashes, newlines, or other JSON-special characters break out of its string and reshape the response. It also makes response schemas inconsistent across login methods.

Evidence

  • GoogleLoginService.handleLogin and handleRegister build JSON strings manually.
  • AppleLoginService.handleLogin and handleRegister build JSON strings manually.
  • KakaoLoginFilter.handleLogin and handleRegister build JSON strings manually.
  • Fields such as name, note, and provider profile values can originate from users/providers and may contain JSON-special characters.

Required work

  • Return DTOs through Spring MVC/ObjectMapper rather than writing manual strings.
  • Unify social login response schema across Google, Apple, and Kakao.
  • Ensure response writing happens once per request and does not conflict with filter success handlers.
  • Add tests for names/notes containing quotes, newline characters, Unicode, and null values.

Acceptance criteria

  • Login responses are valid JSON for all user/provider field values.
  • Social login responses share a documented schema.
  • Tests prove JSON escaping and null handling are correct.
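As an added illustration of the required work and the acceptance criteria (example code, not the project's own): the String.format pattern the issue describes beside a hypothetical unified SocialLoginResponse DTO serialized through Jackson's ObjectMapper, plus a filter-side helper that writes the body only if no success handler has already committed the response. It assumes Spring Boot 3 (jakarta.servlet) and Jackson 2.12+ for record support.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.http.MediaType;
import java.io.IOException;

// Added example, not the project's code. Compares the manual construction the
// issue describes with a typed DTO serialized by Jackson, and shows a filter
// writing the response exactly once.
public class SocialLoginResponseExample {

    // Hypothetical unified schema for Google, Apple and Kakao login responses.
    public record SocialLoginResponse(String provider, String name, String note, boolean registered) {}

    // Before: the String.format pattern from the issue. A quote, backslash or
    // newline in name/note is copied verbatim, and a null becomes the string "null".
    static String buildManually(String provider, String name, String note, boolean registered) {
        return String.format("{\"provider\":\"%s\",\"name\":\"%s\",\"note\":\"%s\",\"registered\":%b}",
                provider, name, note, registered);
    }

    // After: Jackson escapes every field and emits a real JSON null.
    static String buildWithDto(ObjectMapper mapper, SocialLoginResponse dto) throws IOException {
        return mapper.writeValueAsString(dto);
    }

    // Filter-side helper: write the DTO once; skip if a success handler already committed the response.
    static void writeOnce(ObjectMapper mapper, HttpServletResponse response, SocialLoginResponse dto)
            throws IOException {
        if (response.isCommitted()) return;
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.setCharacterEncoding("UTF-8");
        mapper.writeValue(response.getWriter(), dto);
    }

    static boolean isValidJson(ObjectMapper mapper, String json) {
        try { mapper.readTree(json); return true; } catch (IOException e) { return false; }
    }

    public static void main(String[] args) throws IOException {
        ObjectMapper mapper = new ObjectMapper();
        // Constructed values covering the acceptance criteria: quote, newline, Unicode, null.
        String name = "O\"Brien \u00e9\n";
        String note = null;
        String manual = buildManually("google", name, note, true);
        String typed = buildWithDto(mapper, new SocialLoginResponse("google", name, note, true));
        System.out.println("manual: " + manual + " valid=" + isValidJson(mapper, manual));
        System.out.println("typed:  " + typed + " valid=" + isValidJson(mapper, typed));
        System.out.println("note is JSON null: " + mapper.readTree(typed).get("note").isNull());
    }
}
```

The isValidJson and round-trip checks in main are the shape the requested tests should take: assert that every login response parses and that null fields come back as JSON null rather than the string "null".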

Labels

  • area:auth (Authentication and authorization)
  • area:stability (Reliability and runtime stability)
  • priority:P1 (High: should be resolved before production launch)
  • production-readiness (Production readiness audit item)
  • type:bug (Incorrect behavior or vulnerability)
