E2E: force file-backed secret store under CMDR_E2E_MODE=1

A locked macOS Keychain pops a GUI password prompt for every secret read. During an unattended E2E run (overnight CI, `desktop-e2e-playwright` checker, agent-driven runs) nobody types the password — the dialog steals focus from the Tauri webview, every `tauriPage.keyboard.press` lands on the wrong window, and a sweep of tests goes red for non-code reasons.

Same gate the dev wrapper already uses (`CMDR_SECRET_STORE=file`), now applied automatically when the binary detects E2E mode. E2E-session credentials end up in the ephemeral `CMDR_DATA_DIR` and disappear with it; no production behaviour changes.

Author: vdavid

apps/desktop/src-tauri/src/secrets/mod.rs

@@ -81,6 +81,19 @@ fn init_store() -> Box<dyn SecretStore> {
         return Box::new(plain_file::PlainFileStore::new(dir));
     }
 
+    // E2E runs must never hit the OS keychain. A locked macOS Keychain pops a
+    // GUI password prompt that blocks every secret read until the user types
+    // their password — fatal for an unattended test run (the dialog steals
+    // focus, the tests time out, half the suite goes red for non-code reasons).
+    // Force the file backend so an E2E session's credentials live alongside its
+    // ephemeral data dir and disappear with it.
+    if crate::test_mode::is_e2e_mode() {
+        let dir = secret_store_dir();
+        info!("Secret store: PlainFileStore (CMDR_E2E_MODE=1)");
+        FILE_BACKED.store(true, std::sync::atomic::Ordering::Relaxed);
+        return Box::new(plain_file::PlainFileStore::new(dir));
+    }
+
     #[cfg(target_os = "macos")]
     {
         info!("Secret store: KeychainStore (macOS)");