security: fix GoogleLoginView audience check + replace Clerk with direct GIS flow

- verify_oauth2_token now passes GOOGLE_CLIENT_ID as third arg (audience check)
- fail-closed: returns 503 if GOOGLE_CLIENT_ID env var is not set
- add GOOGLE_CLIENT_ID = os.environ.get('GOOGLE_CLIENT_ID', '') to settings
- replace ClerkLoginViewTests with GoogleLoginViewTests (4 cases)
- update requirements-docker.txt

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 01:31:18 +05:30
parent aa2846b884
commit e0a491e8cb
5 changed files with 131 additions and 3 deletions

@@ -196,3 +196,9 @@ SIMPLE_JWT = {
'USER_ID_FIELD': 'id',
'USER_ID_CLAIM': 'user_id',
}
# --- Google OAuth (Sign in with Google via GIS ID-token flow) -----------
# The Client ID is public (safe in VITE_* env vars and the SPA bundle).
# There is NO client secret — we use the ID-token flow, not auth-code flow.
# Set the SAME value in the Django container .env and in SPA .env.local.
GOOGLE_CLIENT_ID = os.environ.get('GOOGLE_CLIENT_ID', '')
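Review bot: the default of `''` in `GOOGLE_CLIENT_ID = os.environ.get('GOOGLE_CLIENT_ID', '')` means "not configured" is represented by an empty string rather than `None`, so the fail-closed 503 check in GoogleLoginView described in the commit message must test for falsiness (`if not settings.GOOGLE_CLIENT_ID`) and not `is None`, otherwise an unset variable passes the guard and `verify_oauth2_token` is called with an empty audience. Consider also stating this in the comment block (e.g. "empty string means unset; the login view refuses requests in that case") so the next person editing settings does not replace the default with `None` and silently change the check's semantics. The hunk does not show that `os` is imported at the top of this settings module; confirm it is, since the new line depends on it.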