[PM-33933] Update autofill dialog for 'never' match setting

[nikwithak]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-33933

📔 Objective

Updates the Autofill modal to give special messaging when the Autofill criteria is set to "Never". Note: This is rebased onto #20071 , and consumes several style changes included in that PR, so that PR will have to go before this one can merge in.

📸 Screenshots

No URI match (copy changed slightly to add "or match criteria"):

URI matches, set to never:

No site saved (unchanged from previous behavior):

[codecov]

Codecov Report

❌ Patch coverage is 81.25000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 46.99%. Comparing base (68b835b) to head (fdbc074).
⚠️ Report is 48 commits behind head on vault/pm-32375.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...n-dialog/autofill-confirmation-dialog.component.ts	81.25%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@                Coverage Diff                 @@
##           vault/pm-32375   #20189      +/-   ##
==================================================
+ Coverage           46.82%   46.99%   +0.16%     
==================================================
  Files                3883     3891       +8     
  Lines              116517   117323     +806     
  Branches            17751    17941     +190     
==================================================
+ Hits                54561    55133     +572     
- Misses              59476    59709     +233     
- Partials             2480     2481       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Checkmarx One – Scan Summary & Details – 1e586c50-1fef-487a-9ba2-a836679df480

---

New Issues (5)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CVE-2026-2359	Npm-multer-2.0.2	details Recommended version: 2.1.1 Description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
2		CVE-2026-27959	Npm-koa-3.1.1	details Recommended version: 3.1.2 Description: Koa is middleware for Node.js using ES2017 async functions. Prior to versions 2.16.4 and 3.x prior to 3.1.2, Koa's `ctx.hostname` API performs naiv... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
3		CVE-2026-3304	Npm-multer-2.0.2	details Recommended version: 2.1.1 Description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 and 3.0.0-alpha1 allows an att... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
4		CVE-2026-3520	Npm-multer-2.0.2	details Recommended version: 2.1.1 Description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
5		Missing_HSTS_Header	/apps/cli/src/auth/commands/login.command.ts: 571	details The web-application does not define an HSTS header, leaving it vulnerable to attack. Attack Vector

---

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Missing_HSTS_Header	/apps/browser/src/autofill/services/targeting-rules-data.service.ts: 199

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud