fix: switch keychain to Data Protection to eliminate auth prompts

[datlechin]

Summary

• Add centralized KeychainHelper using the Data Protection keychain (kSecUseDataProtectionKeychain: true) per Apple TN3137, eliminating per-item ACL prompts that appeared on every table open
• Revert kSecAttrAccessible to AfterFirstUnlock (was WhenUnlockedThisDeviceOnly), restoring background reconnection while screen is locked
• Refactor ConnectionStorage, AIKeyStorage, and LicenseStorage to delegate all keychain operations to KeychainHelper
• Add one-time migration from legacy file-based keychain to Data Protection keychain on app launch

Closes #326

Test plan

• Launch app — no keychain authorization dialog should appear
• Verify existing passwords still load (migration works)
• Lock screen, wait for ConnectionHealthMonitor 30s ping — reconnection should succeed (AfterFirstUnlock)
• Fresh install: save a connection with password, relaunch, verify password persists
• Run KeychainHelperTests and KeychainAccessControlTests

Summary by CodeRabbit

• New Features

  • Centralized, data-protected secure storage for keys with a one-time legacy migration at startup.

• Bug Fixes

  • Keychain authorization prompt no longer appears on every table open.

• Tests

  • Added tests covering secure storage save/load/delete, overwrite behavior, missing keys, and migration flag.

• Chores

  • Changelog updated with migration/fix notes.