Harden SIWE authentication examples #1542

Draft
kozemyrpol wants to merge 1 commit into base: master from kozemyrpol:codex/harden-siwe-auth-docs

Conversation

@kozemyrpol

What changed? Why?

This hardens the Base Account Authenticate Users examples so copied backend code validates the full SIWE intent, not just the cryptographic signature.

  • Uses publicClient.verifySiweMessage instead of verifyMessage for SIWE login verification.
  • Checks the parsed nonce against the server-side nonce store before accepting the login.
  • Passes the expected SIWE domain and nonce into verification to prevent cross-domain and replay acceptance.
  • Replaces the Express example's fragile regex nonce extraction with parseSiweMessage.

Closes #1502.

Notes to reviewers

The minimal snippet keeps yourapp.com as the placeholder domain, while the Express example reads SIWE_DOMAIN with a localhost:3000 development default.

How has it been tested?

  • git diff --check
  • node scripts/lint-mdx.js docs/base-account/guides/authenticate-users.mdx was run; the current repository linter reports existing code-fence false positives on this page, including unchanged closing fences.
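Added example, not code from this PR or from the base docs repository: a server-side login check that does what the description lists, validating the whole SIWE intent (expected domain, server-issued single-use nonce, time window) before accepting a login, instead of stopping at the signature. `parseSiwe`, `NonceStore` and `verifySiweLogin` are names chosen for this example; the parser is a deliberately small EIP-4361 reader, whereas the PR uses viem's `parseSiweMessage`, and the signature step is injected as a `verifySignature` function so that the example runs offline (in the docs that step is `publicClient.verifySiweMessage`, which also takes `domain` and `nonce`). The address, nonce and "signature" values are constructed placeholders.

```javascript
// Added example, not code from the base docs repository: a server-side SIWE login check that
// validates the whole sign-in intent (domain, single-use nonce, time window) rather than only
// the signature. parseSiwe is a deliberately small EIP-4361 reader written for this example;
// the PR itself uses viem's parseSiweMessage and publicClient.verifySiweMessage. The
// cryptographic step is injected as `verifySignature` so the surrounding checks run offline.

const SIWE_HEADER = /^(.+) wants you to sign in with your Ethereum account:$/;
const FIELD_KEYS = {
  'URI': 'uri', 'Version': 'version', 'Chain ID': 'chainId', 'Nonce': 'nonce',
  'Issued At': 'issuedAt', 'Expiration Time': 'expirationTime',
  'Not Before': 'notBefore', 'Request ID': 'requestId',
};

// Parse an EIP-4361 message into named fields; throws on malformed input so callers never
// act on a half-parsed request (the regex-extraction problem the PR removes).
function parseSiwe(message) {
  const lines = message.split('\n');
  const header = SIWE_HEADER.exec(lines[0] || '');
  if (!header) throw new Error('siwe: bad header line');
  if (!/^0x[0-9a-fA-F]{40}$/.test(lines[1] || '')) throw new Error('siwe: bad address');
  const fields = { domain: header[1], address: lines[1], resources: [] };
  let inResources = false;
  for (const line of lines.slice(2)) {
    if (line === '') continue;
    if (inResources) {
      if (!line.startsWith('- ')) throw new Error('siwe: bad resource line');
      fields.resources.push(line.slice(2));
      continue;
    }
    if (line === 'Resources:') { inResources = true; continue; }
    const sep = line.indexOf(': ');
    const key = sep === -1 ? undefined : FIELD_KEYS[line.slice(0, sep)];
    if (key) { fields[key] = line.slice(sep + 2); continue; }
    // The only free-form line allowed before the fields is the optional statement.
    if (fields.statement === undefined && fields.uri === undefined) { fields.statement = line; continue; }
    throw new Error('siwe: unexpected line');
  }
  for (const required of ['uri', 'version', 'chainId', 'nonce', 'issuedAt']) {
    if (!fields[required]) throw new Error(`siwe: missing ${required}`);
  }
  return fields;
}

// Single-use nonce store (in-memory here; a shared store with TTL in production). A nonce is
// deleted on first use even if the login then fails, so it can never be replayed.
class NonceStore {
  constructor() { this.issued = new Map(); }
  issue(nonce, ttlMs, now = Date.now()) { this.issued.set(nonce, now + ttlMs); }
  consume(nonce, now = Date.now()) {
    const expiresAt = this.issued.get(nonce);
    if (expiresAt === undefined) return false;
    this.issued.delete(nonce);
    return expiresAt > now;
  }
}

// Full-intent verification: parse, bind to our domain, consume the server-issued nonce,
// enforce the message's time window, and only then check the signature.
function verifySiweLogin({ message, signature, expectedDomain, nonceStore, verifySignature, now = Date.now() }) {
  let fields;
  try { fields = parseSiwe(message); } catch (e) { return { ok: false, reason: e.message }; }
  if (fields.domain !== expectedDomain) return { ok: false, reason: 'domain mismatch' };
  if (!nonceStore.consume(fields.nonce, now)) return { ok: false, reason: 'unknown or reused nonce' };
  if (fields.expirationTime && Date.parse(fields.expirationTime) <= now) return { ok: false, reason: 'message expired' };
  if (fields.notBefore && Date.parse(fields.notBefore) > now) return { ok: false, reason: 'message not yet valid' };
  if (!verifySignature({ message, signature, address: fields.address })) return { ok: false, reason: 'bad signature' };
  return { ok: true, address: fields.address, chainId: Number(fields.chainId) };
}

// Constructed sample data for the demo: placeholder address, nonce and "signature"; no real
// key material is involved. Chain ID 8453 is Base mainnet.
const SAMPLE_NONCE = 'nonce-demo-8charsX';
const SAMPLE_SIGNATURE = '0xconstructed-signature-placeholder';
function buildSampleMessage({ domain = 'yourapp.com', issuedAt, expirationTime }) {
  return [
    `${domain} wants you to sign in with your Ethereum account:`,
    '0x0000000000000000000000000000000000000001',
    '', 'Sign in to the app: access your account.', '',
    `URI: https://${domain}/login`, 'Version: 1', 'Chain ID: 8453', `Nonce: ${SAMPLE_NONCE}`,
    `Issued At: ${issuedAt}`, `Expiration Time: ${expirationTime}`,
  ].join('\n');
}
// Stub standing in for publicClient.verifySiweMessage: accepts only the constructed pair.
const stubVerifySignature = ({ signature }) => signature === SAMPLE_SIGNATURE;

function runDemo() {
  const now = Date.parse('2024-01-01T00:00:00.000Z');
  const store = new NonceStore();
  const common = { signature: SAMPLE_SIGNATURE, expectedDomain: 'yourapp.com', nonceStore: store, verifySignature: stubVerifySignature, now };
  const fresh = (over) => buildSampleMessage({ issuedAt: new Date(now).toISOString(), expirationTime: new Date(now + 60000).toISOString(), ...over });
  store.issue(SAMPLE_NONCE, 300000, now);
  const first = verifySiweLogin({ message: fresh({}), ...common });
  const replay = verifySiweLogin({ message: fresh({}), ...common }); // same nonce presented again
  store.issue(SAMPLE_NONCE, 300000, now);
  const crossDomain = verifySiweLogin({ message: fresh({ domain: 'evil.example' }), ...common });
  const expired = verifySiweLogin({ message: fresh({ expirationTime: new Date(now - 1000).toISOString() }), ...common });
  return { first, replay, crossDomain, expired };
}
console.log(runDemo());
```

The ordering matters: the domain check runs before the nonce is consumed, so a message minted for another site does not burn a nonce issued to the legitimate user, while a replay of an already-accepted message fails on the nonce before any signature work is done. With viem, `verifySignature` would be `({ message, signature }) => publicClient.verifySiweMessage({ message, signature, domain, nonce })`, which is asynchronous, so `verifySiweLogin` would then be awaited.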

@cb-heimdall (Collaborator)

🟡 Heimdall Review Status

Requirement | Status | More Info
Reviews | 🟡 0/2 | Denominator calculation:
  1 if user is bot: 0
  1 if user is external: 0
  2 if repo is sensitive: 0
  From .codeflow.yml: 1
  Additional review requirements: Max 0
    From CODEOWNERS: 0
    Global minimum: 0
  Max 1
    1 if commit is unverified: 1
  Sum: 2

Development

Successfully merging this pull request may close these issues.

fix(docs): authenticate-users backend example missing domain validation — vulnerable to cross-domain replay attack
