Add JA4 monitoring/reporting to CSS cloned site alerts

[ranok]

Proposed changes

These commits expose the client's JA4 fingerprint to the token server from the AWS Cloudfront Function and to the user. JA4 fingerprints provide an approximate way to track the TLS settings of a client, and are tracked in Entra ID sign-in logs. By monitoring these values, users can correlate those logs, as well as identify new AitM kits.

This also provides us the ability (in the future) to alert on suspicious JA4 values even when the referer is valid--catching AitM kits that proxy all traffic.

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation Update

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

• Lint and unit tests pass locally with my changes (if applicable)
• I have run pre-commit (pre-commit in the repo)
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)
• Linked to the relevant github issue or github discussion

[ranok]

Screenshot showing the JA4 value provided in the Basic Info section