Implement v3 separated storage architecture

BREAKING CHANGE: Storage format upgraded to v3 with automatic migration from v2

## Architecture Changes

vault_meta (rarely changes - survives data corruption):
- salt: PBKDF2 salt, never changes after creation
- passwordHash: Quick password verification
- createdAt/passwordChangedAt timestamps

vault_data (changes every save):
- iv: New each save (AES-GCM requirement)
- data: Encrypted vault content
- savedAt timestamp

vault_backup (safety net):
- Copy of vault_data before each save

## Benefits

1. Password never 'stops working' from data corruption
   - Salt stored separately, survives vault_data corruption

2. Clear error distinction
   - Wrong password: Fast verification fails
   - Corrupted data: Password verified but decryption fails

3. Automatic backup recovery
   - If vault_data corrupts, tries vault_backup automatically

4. Manual recovery possible
   - With password + salt, can decrypt backup even if code has bugs

## Migration

- v2 vaults automatically migrate to v3 on first unlock
- Uses existing salt, generates passwordHash
- Removes old vault key after successful migration

## New Functions (pbkdf2.ts)

- generatePasswordHash(): Creates verification hash
- verifyPassword(): Quick password check
- encryptWithKey(): Encrypt with existing derived key
- decryptWithKey(): Decrypt with existing derived key

## Files Changed

- src/utils/constants.ts: Added VAULT_META, VAULT_DATA, VAULT_BACKUP keys
- src/types/index.ts: Added VaultMeta, VaultDataEncrypted types
- src/crypto/pbkdf2.ts: Added password verification functions
- src/storage/vault.ts: Complete rewrite for v3 architecture

Author: Jarvis

src/crypto/pbkdf2.ts

@@ -1,8 +1,26 @@
 /**
  * Quack - PBKDF2 Password Derivation
+ * 
+ * ARCHITECTURE (v3 - Separated Storage):
+ * 
+ * vault_meta (rarely changes):
+ *   - salt: For key derivation
+ *   - passwordHash: Quick password verification
+ * 
+ * vault_data (changes every save):
+ *   - iv: New each save (required for AES-GCM security)
+ *   - data: Encrypted vault content
+ * 
+ * This separation means:
+ * 1. Salt survives data corruption
+ * 2. We can distinguish "wrong password" from "corrupted data"
+ * 3. Recovery is more likely if only vault_data is damaged
  */
 
 import { base64Encode, base64Decode, bufferToUint8Array } from '@/utils/helpers';
+
+// Re-export for vault.ts
+export { base64Encode };
 import { PBKDF2_ITERATIONS } from '@/utils/constants';
 
 /**
@@ -47,7 +65,124 @@ export function generateSalt(): Uint8Array {
 }
 
 /**
- * Encrypt vault data with password-derived key
+ * Generate a password verification hash
+ * Uses a different derivation path than encryption to avoid leaking key info
+ * 
+ * @param password - User's master password
+ * @param salt - The vault's salt (base64)
+ * @returns Base64-encoded hash for storage
+ */
+export async function generatePasswordHash(
+  password: string,
+  salt: string
+): Promise<string> {
+  // Use "verify:" prefix to create different derivation path
+  const verifySalt = new TextEncoder().encode('verify:' + salt);
+  
+  const passwordKey = await crypto.subtle.importKey(
+    'raw',
+    new TextEncoder().encode(password),
+    'PBKDF2',
+    false,
+    ['deriveBits']
+  );
+  
+  // Derive 256 bits for verification
+  const hashBits = await crypto.subtle.deriveBits(
+    {
+      name: 'PBKDF2',
+      salt: verifySalt.buffer as ArrayBuffer,
+      iterations: PBKDF2_ITERATIONS,
+      hash: 'SHA-256',
+    },
+    passwordKey,
+    256
+  );
+  
+  return base64Encode(new Uint8Array(hashBits));
+}
+
+/**
+ * Verify password against stored hash
+ * 
+ * @param password - Password to verify
+ * @param salt - The vault's salt (base64)
+ * @param storedHash - The stored password hash (base64)
+ * @returns true if password is correct
+ */
+export async function verifyPassword(
+  password: string,
+  salt: string,
+  storedHash: string
+): Promise<boolean> {
+  const computedHash = await generatePasswordHash(password, salt);
+  // Constant-time comparison would be ideal, but for client-side this is fine
+  return computedHash === storedHash;
+}
+
+/**
+ * Encrypt data with an existing derived key (no new salt)
+ * Used for saving vault data without regenerating salt
+ * 
+ * @param data - Plaintext JSON string
+ * @param key - Already-derived CryptoKey
+ * @returns IV and encrypted data (both base64)
+ */
+export async function encryptWithKey(
+  data: string,
+  key: CryptoKey
+): Promise<{ iv: string; encrypted: string }> {
+  const iv = crypto.getRandomValues(new Uint8Array(12));
+  const encoded = new TextEncoder().encode(data);
+  
+  const encrypted = await crypto.subtle.encrypt(
+    { name: 'AES-GCM', iv },
+    key,
+    encoded
+  );
+  
+  return {
+    iv: base64Encode(iv),
+    encrypted: base64Encode(bufferToUint8Array(encrypted)),
+  };
+}
+
+/**
+ * Decrypt data with an existing derived key
+ * 
+ * @param encrypted - Encrypted data (base64)
+ * @param iv - Initialization vector (base64)
+ * @param key - Already-derived CryptoKey
+ * @returns Decrypted string or null if decryption fails
+ */
+export async function decryptWithKey(
+  encrypted: string,
+  iv: string,
+  key: CryptoKey
+): Promise<string | null> {
+  try {
+    const ivBytes = base64Decode(iv);
+    const encryptedBytes = base64Decode(encrypted);
+    
+    const decrypted = await crypto.subtle.decrypt(
+      { name: 'AES-GCM', iv: ivBytes.buffer as ArrayBuffer },
+      key,
+      encryptedBytes.buffer as ArrayBuffer
+    );
+    
+    return new TextDecoder().decode(decrypted);
+  } catch {
+    return null;
+  }
+}
+
+// ============================================================================
+// Legacy functions (for v2 migration and backward compatibility)
+// ============================================================================
+
+/**
+ * Encrypt vault data with password-derived key (LEGACY - generates new salt)
+ * @deprecated Use encryptWithKey() with separated storage instead
  */
 export async function encryptVault(
   data: string,
@@ -73,7 +208,8 @@ export async function encryptVault(
 }
 
 /**
- * Decrypt vault data with password-derived key
+ * Decrypt vault data with password-derived key (LEGACY)
+ * @deprecated Use decryptWithKey() with separated storage instead
  */
 export async function decryptVault(
   encrypted: string,
@@ -95,7 +231,7 @@ export async function decryptVault(
     );
 
     return new TextDecoder().decode(decrypted);
-  } catch (error) {
+  } catch {
     // Wrong password or corrupted data
     return null;
   }