fusionauth-site
Fix best-practice issues in Express.js quickstart
The example ExpressJS quickstart (web) has a few issues.
- It uses TypeScript, but without types, so this just makes it harder for people who aren't familiar with TypeScript to use, without any benefit.
- It does a bunch of verification and authentication manually, instead of using https://www.passportjs.org/, which would be more standard.
- It contains code like this, which is fairly convoluted and not best practice:

```typescript
// state built by concatenating six Math.random() fragments
const stateValue = Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
const pkcePair = await pkceChallenge();
// state, verifier and challenge all stored in the session cookie; only httpOnly is set
res.cookie(userSession, { stateValue, verifier: pkcePair.code_verifier, challenge: pkcePair.code_challenge }, { httpOnly: true });
res.sendFile(path.join(__dirname, '../templates/home.html'));
}
```

We've run into this a few times, as we'd like to use this article as a starting point for some of the other examples in the documentation and then link to this one, but because of the issues in the quickstart we have to show how to set up an Express base example from scratch instead.
We should rewrite this example and update the article and example repo.
If this gets done, it'd be great to update all the projects that were built on top of this one.
Probably the easiest way to find them is to check out all the fusionauth-example and fusionauth-quickstart repos and grep for that stateValue creation method.