fix(docs): replace Math.random() with crypto.randomUUID() for SIWE nonces #1555

Open: faisalnugroho wants to merge 1 commit into base:master from faisalnugroho:fix/secure-siwe-nonce
Conversation

@faisalnugroho
Summary

Replace all instances of Math.random() used for SIWE nonce generation with crypto.randomUUID().

Files fixed:

  • sign-in-with-base-button.mdx — nonce generation
  • sign-and-verify-typed-data.mdx — nonce generation
  • wagmi/setup.mdx — client nonce generation

Why

Math.random() is not cryptographically secure. Predictable nonces can be exploited for replay attacks. crypto.randomUUID() is:

  • Cryptographically secure (Web Crypto API)
  • Available in all modern browsers and Node.js 19+
  • Already used in the authenticate-users guide

Test Plan

  • Verify all code examples still work with the new nonce format
  • No other instances of Math.random() remain in SIWE-related docs

Closes #1477

…nces

Math.random() is not cryptographically secure and should never be used
for SIWE nonces. A predictable nonce can be exploited for replay attacks.

Replaced all instances with crypto.randomUUID() which is:
- Cryptographically secure (Web Crypto API)
- Available in all modern browsers and Node.js 19+
- Consistent with the authenticate-users guide

Closes base#1477
@cb-heimdall
Collaborator

🟡 Heimdall Review Status

Requirement Status More Info
Reviews 🟡 0/2
Denominator calculation
1 if user is bot 0
1 if user is external 0
2 if repo is sensitive 0
From .codeflow.yml 1
Additional review requirements
Max 0
0
From CODEOWNERS 0
Global minimum 0
Max 1
1
1 if commit is unverified 1
Sum 2

@faisalnugroho
Author

Hi! Following up on this security fix PR. This PR replaces Math.random() with crypto.randomUUID() for SIWE nonce generation. Math.random() is not cryptographically secure and could allow nonce prediction attacks.

All CI checks pass (StepSecurity ✅). Would love to get your review when you have a moment. Thanks!
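
The nonce change discussed in this PR, placed in a server-side issue-and-consume flow (an added example, not code from the PR or the Base docs). `generateNonce`, `NonceStore` and the TTL value are hypothetical; the hyphens are stripped because EIP-4361 defines the nonce as at least 8 alphanumeric characters.

```javascript
// Added example: NonceStore and its method names are assumptions.
// Web Crypto is global in browsers and recent Node; older Node exposes it via node:crypto.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// randomUUID() draws from the CSPRNG. Stripping the hyphens leaves 32 hex
// characters, which fits the alphanumeric nonce grammar of EIP-4361.
function generateNonce() {
  return webCrypto.randomUUID().replace(/-/g, "");
}

class NonceStore {
  constructor(ttlMs = 5 * 60 * 1000) {
    this.ttlMs = ttlMs;
    this.pending = new Map(); // nonce -> expiry timestamp (ms)
  }

  // Called when the client requests a nonce to embed in the SIWE message.
  issue(now = Date.now()) {
    const nonce = generateNonce();
    this.pending.set(nonce, now + this.ttlMs);
    return nonce;
  }

  // Called during verification, before the signature is accepted.
  // Returns true at most once per issued, unexpired nonce.
  consume(nonce, now = Date.now()) {
    const expiry = this.pending.get(nonce);
    if (expiry === undefined) return false; // never issued, or already used
    this.pending.delete(nonce); // single use, even when expired
    return now <= expiry;
  }
}

// Constructed walk-through with a fixed clock so the outcome is deterministic.
function demo() {
  const store = new NonceStore(1000);
  const t0 = 1_000_000;
  const fresh = store.issue(t0);
  const stale = store.issue(t0);
  return {
    wellFormed: /^[0-9a-f]{32}$/.test(fresh),
    firstUse: store.consume(fresh, t0 + 10),
    replay: store.consume(fresh, t0 + 20),
    expired: store.consume(stale, t0 + 5000),
    unknown: store.consume("deadbeef", t0),
  };
}
```

The unpredictable nonce only helps if the server also tracks it: the replayed, expired and never-issued cases are rejected by the store, not by the random generator.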

Development

Successfully merging this pull request may close these issues.

[Bug] Math.random() used for SIWE nonce in Wagmi setup example — not cryptographically secure