fix: use consistent vaultID for audit key storage and retrieval

Bug: Audit HMAC verification was failing because vaultID was inconsistent:
- During init: vaultID = filepath.Base(vaultDir) (e.g., ".pass-cli")
- During verify: vaultID = filepath.Abs(vaultPath) (e.g., "C:\Users\...\vault.enc")

This caused GetOrCreateAuditKey() to create a new key during verification
instead of retrieving the original, making all HMAC signatures invalid.

Fix: Updated getVaultID() in cmd/helpers.go to use directory name
(filepath.Base(filepath.Dir(vaultPath))) to match initialization behavior.

Now audit key is consistently stored/retrieved with same vaultID.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: arimxyer

cmd/helpers.go

@@ -94,14 +94,12 @@ func getAuditLogPath(vaultPath string) string {
 }
 
 // T072: getVaultID returns a unique identifier for the vault (used for keychain)
-// Uses vault file path as unique identifier
+// Uses directory name as vault ID to match initialization behavior in firstrun.go
 func getVaultID(vaultPath string) string {
-	// Use absolute path as vault ID for keychain
-	absPath, err := filepath.Abs(vaultPath)
-	if err != nil {
-		return vaultPath // Fallback to relative path
-	}
-	return absPath
+	// Use directory name as vault ID to match how it's set during initialization
+	// This ensures audit key retrieval matches how it was stored
+	vaultDir := filepath.Dir(vaultPath)
+	return filepath.Base(vaultDir)
 }
 
 // getKeychainUnavailableMessage returns platform-specific error message when keychain is unavailable