
SFTP: Add SSH host key verification (known_hosts) #238

@BrianLeishman

Description


Summary

The SFTP connection pool currently accepts all SSH host keys without verification, making connections vulnerable to man-in-the-middle attacks.

Current State

  • File: src-tauri/src/locations/sftp/pool.rs:38-43
  • check_server_key() unconditionally returns Ok(true)
  • Comment says // TODO: known_hosts verification

Proposed Changes

  1. Read ~/.ssh/known_hosts on connection
  2. If host key is known and matches → connect silently
  3. If host key is unknown → show TOFU (trust-on-first-use) dialog to user, save to known_hosts on accept
  4. If host key changed → show warning dialog with fingerprint comparison, require explicit override

Technical Notes

  • russh::client::Handler::check_server_key receives &PublicKey — this is the hook point
  • The russh::keys module can parse known_hosts format
  • Need a Tauri event/window for the TOFU confirmation dialog
  • Consider also supporting ~/.ssh/known_hosts2 and hashed entries
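The four proposed steps and the hook-point note above can be exercised together with a small, dependency-free decision routine. The following is an added example, not code from this project or from russh: it parses plain known_hosts entries (including comma-separated hosts and `[host]:port`), classifies a presented key as known, unknown or changed, and builds the line to persist after a TOFU accept. `HostKey`, `HostKeyStatus`, `KnownHostEntry` and the sample file contents are assumptions constructed for the example; in the real code the `check_server_key` handler would convert russh's `PublicKey` into the `(algorithm, base64 blob)` form, and hashed `|1|...` entries, fingerprint rendering and the Tauri dialog are left out.

```rust
/// Host key in the form stored in known_hosts: algorithm name plus base64 blob.
/// Assumption for this example: the caller converts russh's PublicKey into this.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct HostKey {
    pub algorithm: String,
    pub key_base64: String,
}

/// Outcome of checking a presented key against the parsed known_hosts entries.
#[derive(Debug, PartialEq, Eq)]
pub enum HostKeyStatus {
    /// Step 2: host known and key matches, connect silently.
    Known,
    /// Step 3: nothing stored for this host and algorithm, ask the user (TOFU).
    Unknown,
    /// Step 4: a key of the same algorithm is stored but differs (possible MITM);
    /// the stored key is carried along so a dialog can show both for comparison.
    Changed { stored: HostKey },
}

/// One plain (unhashed) known_hosts line: comma-separated host patterns plus key.
#[derive(Debug, Clone)]
pub struct KnownHostEntry {
    pub hosts: Vec<String>,
    pub key: HostKey,
}

/// OpenSSH host-field convention: bare hostname on port 22, "[host]:port" otherwise.
pub fn host_field(host: &str, port: u16) -> String {
    if port == 22 { host.to_string() } else { format!("[{}]:{}", host, port) }
}

/// Parse known_hosts text. Comments, blank lines, @-marker lines and hashed
/// (|1|salt|hash) entries are skipped; hashed entries need HMAC-SHA1 and are
/// deliberately left for a follow-up rather than silently mis-parsed.
pub fn parse_known_hosts(contents: &str) -> Vec<KnownHostEntry> {
    contents
        .lines()
        .filter_map(|raw| {
            let line = raw.trim();
            if line.is_empty() || line.starts_with('#') || line.starts_with('@') || line.starts_with('|') {
                return None;
            }
            let mut fields = line.split_whitespace();
            let hosts = fields.next()?;
            let algorithm = fields.next()?.to_string();
            let key_base64 = fields.next()?.to_string();
            Some(KnownHostEntry {
                hosts: hosts.split(',').map(str::to_string).collect(),
                key: HostKey { algorithm, key_base64 },
            })
        })
        .collect()
}

/// Decide what the connection should do for `host:port` presenting `presented`.
/// An exact match wins immediately; a same-algorithm entry with a different key
/// means the key changed; anything else (no entry, or only other algorithms) is
/// treated as unknown and goes through the TOFU prompt.
pub fn check_host_key(entries: &[KnownHostEntry], host: &str, port: u16, presented: &HostKey) -> HostKeyStatus {
    let wanted = host_field(host, port);
    let mut conflicting: Option<HostKey> = None;
    for entry in entries.iter().filter(|e| e.hosts.iter().any(|h| h == &wanted)) {
        if entry.key == *presented {
            return HostKeyStatus::Known;
        }
        if entry.key.algorithm == presented.algorithm && conflicting.is_none() {
            conflicting = Some(entry.key.clone());
        }
    }
    match conflicting {
        Some(stored) => HostKeyStatus::Changed { stored },
        None => HostKeyStatus::Unknown,
    }
}

/// Line to append to known_hosts once the user accepts a TOFU prompt.
pub fn known_hosts_line(host: &str, port: u16, key: &HostKey) -> String {
    format!("{} {} {}", host_field(host, port), key.algorithm, key.key_base64)
}

/// Constructed sample known_hosts content (placeholder keys, not real ones).
pub const SAMPLE_KNOWN_HOSTS: &str = "\
# constructed sample
example.test,203.0.113.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY0000000000000000000000000000
[alt.test]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQPLACEHOLDERRSA
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHASHEDENTRYSKIPPED
";

fn main() {
    let entries = parse_known_hosts(SAMPLE_KNOWN_HOSTS);
    let presented = HostKey {
        algorithm: "ssh-ed25519".to_string(),
        key_base64: "AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY0000000000000000000000000000".to_string(),
    };
    println!("{:?}", check_host_key(&entries, "example.test", 22, &presented));
    println!("{:?}", check_host_key(&entries, "new.test", 22, &presented));
}
```

The `Changed` variant carries the stored key on purpose: the warning dialog in step 4 needs both values to show a fingerprint comparison, and returning only a boolean from the check would force the UI to re-read the file. Mapping a known host whose only entries use a different algorithm to `Unknown` rather than `Changed` mirrors how OpenSSH reports a host "known for other key types" before falling back to the new-host prompt.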

Acceptance Criteria

  • Known hosts are verified on every connection
  • Unknown hosts prompt user for TOFU acceptance
  • Changed host keys show clear warning
  • Accepted keys are persisted to known_hosts
