fix(cli): unusable empty password private keys

[Legend-Master]

Fix updater signing private keys generated using tauri signer generate with empty password can't be used (The keys generated during tauri were broken between v2.9.3 and v2.10.0, you'll need to regenerate them)

Waiting on jedisct1/rust-minisign#31 (or we can use the forked branch for now)

Fixes #14829
Closes #14957
Closes #14941

[FabianLars]

(The keys generated during tauri were broken between v2.9.3 and v2.10.0, you'll need to regenerate them)

Ohhhhhhhhhhhhhhh, maybe that's why i didn't notice? I think i only used my existing keys to test jedisct1/rust-minisign#26

[github-actions]

Package Changes Through afc4c13

There are 4 changes which include tauri-cli with patch, @tauri-apps/cli with patch, tauri-utils with patch, tauri-bundler with patch

Planned Package Versions

The following package releases are the planned based on the context of changes in this pull request.

package	current	next
tauri-utils	2.8.2	2.8.3
tauri-bundler	2.8.0	2.8.1
tauri-runtime	2.10.0	2.10.1
tauri-runtime-wry	2.10.0	2.10.1
tauri-codegen	2.5.4	2.5.5
tauri-macros	2.5.4	2.5.5
tauri-plugin	2.5.3	2.5.4
tauri-build	2.5.5	2.5.6
tauri	2.10.2	2.10.3
@tauri-apps/cli	2.10.0	2.10.1
tauri-cli	2.10.0	2.10.1

Add another change file through the GitHub UI by following this link.

---

Read about change files or the docs at github.com/jbolda/covector

[Legend-Master]

Seems like the solution jedisct1/rust-minisign@8e18ed4 from the author is to go back to the behavior in v0.7.3, encrypt when empty string when no password is provided

[FabianLars]

ffs

[Legend-Master]

And of course with an MSRV bump because of getrandom 0.4 😫

[Legend-Master]

(The keys generated during tauri were broken between v2.9.3 and v2.10.0, you'll need to regenerate them)

Ohhhhhhhhhhhhhhh, maybe that's why i didn't notice? I think i only used my existing keys to test jedisct1/rust-minisign#26

Yeah, added some comments in the tests

minisign >=0.7.4,<=0.8.0 generate keys unencrypted if the password is empty but is marked encrypted hence unusable

[FabianLars]

can't wait to have a reasonable msrv policy

[FabianLars]

we're struggling in cargo-packager as well cause there we used 0.7.4+ for a long while as we never locked it to 0.7.3 as we did here.

We're trying to keep compat with both key variants: crabnebula-dev/cargo-packager@main...fix/update-minisign

Edit: don't have the brain capacity for it right now, so can't tell how much sense that makes

[Legend-Master]

We can't really pull that off here without locking people in one of those bad versions though

It would be nice for minisign to change the SecretKeyBox to have a is_encrypted function as well in the future (wouldn't help with the 'broken' ones from 0.7.4..0.8.0 though)