The basic architecture would follow this:
- Create a SharePoint Add-in with Tenant FullControl rights. This is required to see all SharePoint Online sites.
- Store the Client Secret in an Azure Key Vault.
- Create an Azure Function. This function will be triggered by your web part. You can use the SharePoint Search REST API to find all sites. You will need this solution to connect to the Key Vault previously created to retrieve the secret.
- On your web part, call the Azure Function.
I would strongly suggest moving this to a dedicated web application to increase security.
The ask is not a small ask and will require significant architecture and development knowledge. You can find third-party products that can enable this as well. AvePoint and Metalogix (now Quest) both have apps that help you do this.
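
The Azure Function step above, as an added example in Node.js that is not part of the original answer. It assumes the add-in is an ACS add-in-only principal and that the search response is requested as `odata=nometadata`; `listAllSites`, `getSecret`, `cfg` and its fields are hypothetical names, with `getSecret` standing in for your Key Vault lookup.

```javascript
// Added example: cfg values, getSecret and httpFetch are supplied by the caller (hypothetical names).
const SP_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"; // SharePoint Online principal id

// Form body of the add-in-only (ACS client-credentials) token request.
function acsTokenBody({ host, realm, clientId }, secret) {
  return new URLSearchParams({
    grant_type: "client_credentials",
    client_id: `${clientId}@${realm}`,
    client_secret: secret,
    resource: `${SP_PRINCIPAL}/${host}@${realm}`,
  }).toString();
}

// Search REST URL for one page of site collections (500 rows is the page maximum).
function searchUrl(host, startRow) {
  const q = new URLSearchParams({
    querytext: "'contentclass:STS_Site'",
    selectproperties: "'Title,Path'",
    trimduplicates: "false",
    startrow: String(startRow),
    rowlimit: "500",
  });
  return `https://${host}/_api/search/query?${q}`;
}

// Flatten the search response rows to {title, url} pairs.
function rowsToSites(json) {
  const rows = json?.PrimaryQueryResult?.RelevantResults?.Table?.Rows ?? [];
  return rows.map((r) => {
    const cell = Object.fromEntries(r.Cells.map((c) => [c.Key, c.Value]));
    return { title: cell.Title, url: cell.Path };
  });
}

// Function core: the secret and token stay server-side; the web part receives only the sites.
async function listAllSites(cfg, getSecret, httpFetch = fetch) {
  const secret = await getSecret(cfg.secretName); // Key Vault lookup, injected by the caller
  const tokenRes = await httpFetch(
    `https://accounts.accesscontrol.windows.net/${cfg.realm}/tokens/OAuth/2`,
    { method: "POST", body: acsTokenBody(cfg, secret),
      headers: { "Content-Type": "application/x-www-form-urlencoded" } });
  if (!tokenRes.ok) throw new Error(`token request failed: ${tokenRes.status}`);
  const { access_token } = await tokenRes.json();
  const headers = { Authorization: `Bearer ${access_token}`, Accept: "application/json;odata=nometadata" };
  const sites = [];
  for (let start = 0; ; start += 500) {
    const page = rowsToSites(await (await httpFetch(searchUrl(cfg.host, start), { headers })).json());
    sites.push(...page);
    if (page.length < 500) return sites; // a short page is the last page
  }
}
```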