@dkotter dkotter commented May 22, 2025

Description of the Change

More plugin review feedback was provided around needing a nonce check before we update our authenticated state to true. While we could probably argue our way around this, as we don't actually store any value sent in the URL, we just compare that value to what we already have stored to ensure they match (and thus don't really need a nonce check here), it was easy enough to adjust the middleware to send back the initial nonce we give them and then verify that.

So this PR will rely on changes to the middleware (handled in a separate PR in that repo) to fully function.

In addition, changed our check to only fire in the admin and for administrators, which also reduces the scope of when this code is run.

Note

This PR is branched from the plugin-submission branch. This is to help keep a clean slate of what we have submitted to that team for review. We'll want to ensure the code changes here also get merged into develop after

How to test the Change

  1. Checkout the corresponding middleware PR and set that up to run locally
  2. Go through the authentication process in WordPress
  3. Ensure you end up on a success screen and verify authenticated = true in the stored settings

Changelog Entry

Added - Verify our initial nonce before setting the authenticated state

Credits

Props @dkotter

Checklist:
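
The flow this PR describes (hand the middleware a nonce, require it back on the callback, verify it before flipping the stored flag, and only do any of this in wp-admin for administrators), as an added PHP sketch that is not the plugin's or the middleware's code. The option name, nonce action, query parameters and function names are assumed; the WordPress functions called are real.

```php
<?php
// Added illustrative example, not the plugin's own code. Option, action,
// parameter and function names are hypothetical; the WordPress APIs are real.

const EXAMPLE_OPTION       = 'example_plugin_settings';      // hypothetical option
const EXAMPLE_NONCE_ACTION = 'example_plugin_auth_callback'; // hypothetical action

/**
 * Step 1: build the URL we send the user to. The nonce is tied to the
 * current user's session, so only that session can complete the callback.
 */
function example_build_auth_url( string $middleware_url ): string {
	return add_query_arg(
		array( '_wpnonce' => wp_create_nonce( EXAMPLE_NONCE_ACTION ) ),
		$middleware_url
	);
}

/**
 * Step 2: handle the callback the middleware redirects back to.
 * Runs only in wp-admin and only for administrators, which narrows
 * when this code executes at all.
 */
function example_handle_auth_callback(): void {
	if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) {
		return;
	}
	if ( empty( $_GET['example_auth_callback'] ) ) { // hypothetical marker param
		return;
	}

	$nonce = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';
	// wp_verify_nonce() returns 1 or 2 on success and false otherwise; the
	// nonce must be the one we issued, not a value the caller can choose.
	if ( ! wp_verify_nonce( $nonce, EXAMPLE_NONCE_ACTION ) ) {
		wp_die( esc_html__( 'Security check failed.', 'example-plugin' ) );
	}

	// The pre-existing check: the returned token is only compared against
	// what we already store, never saved from the URL. hash_equals() keeps
	// the comparison constant-time.
	$settings = get_option( EXAMPLE_OPTION, array() );
	$sent     = isset( $_GET['token'] ) ? sanitize_text_field( wp_unslash( $_GET['token'] ) ) : '';
	if ( empty( $settings['token'] ) || ! hash_equals( (string) $settings['token'], $sent ) ) {
		wp_die( esc_html__( 'Token mismatch.', 'example-plugin' ) );
	}

	$settings['authenticated'] = true;
	update_option( EXAMPLE_OPTION, $settings );
}
add_action( 'admin_init', 'example_handle_auth_callback' );
```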

@dkotter dkotter added this to the 1.0.0 milestone May 22, 2025
@dkotter dkotter self-assigned this May 22, 2025
@dkotter dkotter requested a review from faisal-alvi May 22, 2025 18:13
@dkotter dkotter merged commit 002b935 into plugin-submission May 23, 2025
1 check passed
@dkotter dkotter deleted the add/nonce-check branch May 23, 2025 15:15
@dkotter dkotter restored the add/nonce-check branch May 23, 2025 15:15