Summary

• Replaces plaintext encryption key storage with Electron's \safeStorage\ API, which delegates to the OS-native keychain (DPAPI on Windows, Keychain on macOS, libsecret on Linux)
• The on-disk key file (.transtrack-key) is now an opaque binary blob that cannot be used without the OS user's credentials
• Transparent migration: existing plaintext keys are automatically re-encrypted on first read when \safeStorage\ is available
• Graceful fallback: if \safeStorage\ is unavailable (e.g. headless Linux without a keyring daemon), falls back to the prior plaintext + \