feat(security,build): add COOP/COEP headers and improve PDF viewer initialization

- Add Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy headers to nginx.conf for enhanced security
- Create serve.json configuration file with security headers for local development
- Update npm scripts to use vite preview instead of serve package for consistency
- Fix PDF viewer file parameter handling to prevent fallback to default URL
- Enable annotation editor mode by default in PDF viewers (annotationEditorMode: 1)
- Improve PDF preference management by clearing conflicting annotation editor settings before loading
- Update iframe URL construction to use URL API for proper origin handling
- Refactor annotation viewer setup to use eventBus for stamp button activation instead of direct DOM manipulation
- Add localStorage preference configuration for signature editor and permissions in sign tool
- Enhance security posture by implementing COOP/COEP headers required for SharedArrayBuffer and cross-origin isolation

public/pdfjs-viewer/sign-viewer.html

@@ -207,7 +207,7 @@
       viewer: document.getElementById('viewer'),
       eventBus,
       linkService,
-      annotationEditorMode: 0,
+      annotationEditorMode: 1,
       enableScripting: true,
       renderer: 'canvas'
     });

public/pdfjs-viewer/viewer.mjs

@@ -1512,7 +1512,7 @@ class BaseExternalServices {
 class BasePreferences {
   #defaults = Object.freeze({
     altTextLearnMoreUrl: "",
-    annotationEditorMode: 0,
+    annotationEditorMode: 1,
     annotationMode: 2,
     capCanvasAreaFactor: 200,
     commentLearnMoreUrl: "",
@@ -16429,7 +16429,10 @@ const PDFViewerApplication = {
     let file;
     const queryString = document.location.search.substring(1);
     const params = parseQueryString(queryString);
-    file = params.get("file") ?? AppOptions.get("defaultUrl");
+    file = params.get("file");
+    if (!file) {
+      file = "";
+    }
     try {
       file = new URL(decodeURIComponent(file)).href;
     } catch {