Harden private key handling to prevent potential leaks

[barrydeen]

Summary

• Disable Android backup (allowBackup="false") to prevent EncryptedSharedPreferences from being extracted via adb backup or Auto Backup
• Harden Keypair class — redact privkey from toString(), derive hashCode() from pubkey only, add wipe() method
• Add ByteArray.wipe() extension and use it to zero throwaway keys and conversation keys after use in NIP-17 gift wrap creation
• Clear nsec on dispose — DisposableEffect nulls out the revealed nsec string when the KeysScreen composable leaves composition
• Sensitive clipboard flag — mark private key clipboard data as sensitive on API 33+ to hide it from clipboard previews
• Secure LruCache eviction — override entryRemoved() on conversation key cache to zero evicted byte arrays

Test plan

• Build and run on device/emulator
• Login with nsec — verify key stored, app functional
• Reveal key on KeysScreen — verify biometric prompt, nsec displayed, cleared on back navigation
• Send/receive DMs — verify NIP-17 encryption still works after wipe() calls
• Verify adb backup produces empty/no backup
• Check logcat during all operations for any key leakage

🤖 Generated with Claude Code