Add password-based document encryption (AES-256-GCM) #40

Open
c3z wants to merge 1 commit into antonmedv:master from c3z:master

@c3z commented Mar 7, 2026

Summary

  • Lock/unlock documents via the existing menu with a new "Lock document" option
  • Uses native Web Crypto API — zero dependencies: PBKDF2 (100k iterations, SHA-256) for key derivation + AES-256-GCM for encryption
  • Encrypted URLs use #e0_ prefix to distinguish from plain documents
  • Password dialog with confirmation field when setting password, retry loop on wrong password
  • Derived key cached per session to avoid expensive PBKDF2 on every debounced save
  • Refactored compress/decompress into composable deflate/inflate primitives to avoid code duplication

How it works

  1. User clicks menu → "Lock document" → enters password (with confirmation)
  2. Content is compressed (deflate) → encrypted (AES-256-GCM) → base64url encoded → stored in URL hash as #e0_...
  3. Opening an encrypted link shows a password dialog; wrong password triggers retry with error message
  4. "Unlock document" removes encryption, URL reverts to plain #... format
  5. Salt (16B) + IV (12B) are embedded in the payload; key is derived once per session

Test plan

  • Create a document, lock it with a password, verify URL changes to #e0_...
  • Copy the encrypted URL, open in new tab, enter correct password → content appears
  • Enter wrong password → "Wrong password" error, retry works
  • Cancel password dialog → empty document
  • Unlock document → URL reverts to plain #...
  • Verify localStorage persistence works with encrypted documents
  • Test on mobile (dialog, touch interactions)

🤖 Generated with Claude Code

- Lock/unlock documents via menu with password protection
- Uses Web Crypto API: PBKDF2 (100k iterations) + AES-256-GCM
- Encrypted URLs use `#e0_` prefix to distinguish from plain
- Password dialog with confirmation when setting, retry on wrong password
- Cached derived key per session to avoid PBKDF2 on every save
- Extracted deflate/inflate primitives to deduplicate compression logic

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>