refactor: migrate from pkla to polkit rules format

Changed disk encryption authentication from deprecated PKLA format
to modern Polkit JavaScript rules format. Updated CMake installation
configuration to install rules in new standard location (/usr/
share/polkit-1/rules.d) instead of old location (/etc/polkit-1/
localauthority/10-vendor.d). Removed old pkla file completely.

This change was made because PKLA format has been deprecated in favor
of JavaScript rules format which provides more flexibility and is the
current standard for Polkit authentication rules. The new format follows
modern Linux security practices and maintains better compatibility with
newer Polkit versions.

Influence:
1. Verify disk encryption functionality still works properly
2. Test authentication prompts appear/disappear as expected
3. Check system logs for any Polkit-related errors
4. Confirm rules file exists in correct location (/usr/share/polkit-
1/rules.d)
5. Test with different user permissions scenarios

refactor: 从 pkla 迁移到 polkit 规则格式

将磁盘加密认证从已废弃的 PKLA 格式改为现代的 Polkit JavaScript 规则格
式。更新了 CMake 安装配置，将规则安装到新的标准位置(/usr/share/polkit-1/
rules.d)而非旧位置(/etc/polkit-1/localauthority/10-vendor.d)。完全移除了
旧的 pkla 文件。

进行此更改是因为 PKLA 格式已被废弃，转而支持 JavaScript 规则格式，后者提
供了更大的灵活性且是当前 Polkit 认证规则的标准。新格式遵循现代 Linux 安
全实践，并与较新的 Polkit 版本保持更好的兼容性。

Influence:
1. 验证磁盘加密功能仍正常工作
2. 测试认证提示是否按预期出现/消失
3. 检查系统日志是否有 Polkit 相关错误
4. 确认规则文件存在于正确位置(/usr/share/polkit-1/rules.d)
5. 使用不同用户权限场景进行测试

Author: Johnson-zs

debian/dde-file-manager-services-plugins.install

@@ -7,5 +7,5 @@ usr/share/dbus-1/system-services/*.service
 usr/share/dbus-1/system.d/org.deepin.filemanager.diskencrypt.conf
 usr/share/dbus-1/services/org.deepin.Filemanager.TextIndex.service
 etc/systemd/system/deepin-service-group@.service.d/*
-etc/polkit-1/localauthority/10-vendor.d/99-dde-file-manager-encrypt.pkla
+usr/share/polkit-1/rules.d/99-dde-file-manager-encrypt.rules
 etc/udev/rules.d/*.rules

src/services/diskencrypt/CMakeLists.txt

@@ -27,7 +27,11 @@ install(FILES org.deepin.Filemanager.DiskEncrypt.service DESTINATION share/dbus-
 install(FILES ${CMAKE_SOURCE_DIR}/assets/rules/99-dfm-encrypt.rules DESTINATION /etc/udev/rules.d)
 
 set(PolicyDir "${CMAKE_INSTALL_PREFIX}/share/polkit-1/actions")
+set(RulesDir "${CMAKE_INSTALL_PREFIX}/share/polkit-1/rules.d")
+
 install(FILES polkit/policy/org.deepin.filemanager.diskencrypt.policy
     DESTINATION ${PolicyDir})
-install(FILES polkit/rules/99-dde-file-manager-encrypt.pkla
-    DESTINATION /etc/polkit-1/localauthority/10-vendor.d)
+
+# Install polkit rules (JavaScript format, replaces deprecated .pkla)
+install(FILES polkit/rules/99-dde-file-manager-encrypt.rules
+    DESTINATION ${RulesDir})

src/services/diskencrypt/polkit/rules/99-dde-file-manager-encrypt.pkla

@@ -0,0 +1,26 @@
+// Polkit rules for DDE File Manager disk encryption
+// This file replaces the deprecated .pkla configuration
+//
+// Location: /etc/polkit-1/rules.d/99-dde-file-manager-encrypt.rules
+// or /usr/share/polkit-1/rules.d/99-dde-file-manager-encrypt.rules
+//
+// Priority: 99 ensures these rules are evaluated late, allowing
+// other rules to override if needed.
+
+// Skip authentication when unlocking system encrypted devices
+polkit.addRule(function(action, subject) {
+    if (action.id == "org.freedesktop.udisks2.encrypted-unlock-system" &&
+        subject.isInGroup("*") &&
+        subject.active) {
+        return polkit.Result.YES;
+    }
+});
+
+// Skip authentication when unlocking regular encrypted devices
+polkit.addRule(function(action, subject) {
+    if (action.id == "org.freedesktop.udisks2.encrypted-unlock" &&
+        subject.isInGroup("*") &&
+        subject.active) {
+        return polkit.Result.YES;
+    }
+});