🔒 FertileNotify OTP Security Flaw: Insecure Random Number Generation Exposed in OtpService

A critical security vulnerability has been patched in FertileNotify's authentication system, where the One-Time Password (OTP) generation mechanism relied on the predictable `System.Random` class. This insecure method, which is not cryptographically secure, could have allowed an attacker to guess or predict OTPs if the seed was known or deduced, potentially compromising user account security.

The fix, implemented in `OtpService.cs`, replaces the vulnerable `System.Random` with `System.Security.Cryptography.RandomNumberGenerator.GetInt32()`, ensuring cryptographically secure random integer generation. The change is highly localized, involving fewer than ten lines of code, and aligns with established .NET security best practices. To validate the correction, a new unit test suite (`OtpServiceTests.cs`) was added to verify OTP length, successful validation, rejection of invalid codes, and proper cache cleanup post-verification.

While the core fix is straightforward, the incident highlights a foundational security oversight in a critical authentication component. The vulnerability's discovery and remediation underscore the persistent risk of using non-cryptographic randomizers in security-sensitive contexts. Although the new unit tests could not be fully executed due to environmental `dotnet build` timeouts, the logic was reviewed, and the patch itself is considered a direct and necessary upgrade to the system's defensive posture.