fix: remplacer session save par session start avant le redirect OAuth

Le save() fermait la session prématurément. Le start() garantit que
la session est initialisée avant que le state OAuth y soit stocké.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/Controller/EtlController.php

@@ -1079,14 +1079,14 @@ class EtlController extends AbstractController
     #[Route('/etl/connect/keycloak', name: 'connect_keycloak_etl_start')]
     public function connectKeycloakEtlStart(ClientRegistry $clientRegistry, Request $request): Response
     {
+        $request->getSession()->start();
+
         $response = $clientRegistry
             ->getClient('keycloak_etl')
             ->redirect(['openid', 'profile', 'email']);
         $response->headers->set('Cache-Control', 'no-store, no-cache, must-revalidate');
         $response->headers->set('Pragma', 'no-cache');
 
-        $request->getSession()->save();
-
         return $response;
     }
 

src/Controller/HomeController.php

@@ -28,14 +28,14 @@ class HomeController extends AbstractController
     #[Route('/intranet/connect/keycloak', name: 'connect_keycloak_start')]
     public function connect(ClientRegistry $clientRegistry, Request $request): Response
     {
+        $request->getSession()->start();
+
         $response = $clientRegistry
             ->getClient('keycloak')
             ->redirect(['email', 'profile', 'openid'], []);
         $response->headers->set('Cache-Control', 'no-store, no-cache, must-revalidate');
         $response->headers->set('Pragma', 'no-cache');
 
-        $request->getSession()->save();
-
         return $response;
     }