feat: add Firefox Browser with new v2 architecture (#536)

* feat: add Firefox Browser implementation with new v2 architecture

Add Firefox NewBrowsers + Extract pipeline following the Chromium v2
pattern. Firefox-specific differences handled:
- Profile discovery: random directory names (e.g. abc123.default-release)
- Master key: NSS/ASN1PBE from key4.db (platform-agnostic, no DPAPI/Keychain)
- Key validation: reuse logins.json from acquireFiles tempPaths
- Extract: only Password needs masterKey; Cookie is plaintext
- No CreditCard or SessionStorage support

Files:
- firefox_new.go: Browser struct, NewBrowsers, Extract, getMasterKey,
  extractCategory, deriveKeys, validateKeyWithLogins, profile discovery
- masterkey.go: extracted shared NSS logic (processMasterKey, queryMetaData,
  queryNssPrivateCandidates, parseLoginCipherPairs, canDecryptAnyLoginCipherPair)
- firefox_new_test.go: table-driven tests with shared fixtures
- source.go: remove dataSource wrapper, use []sourcePath directly
- firefox.go: remove functions moved to masterkey.go

* fix: address Copilot review feedback on Firefox v2

- Fix stale comment referencing removed readLoginCipherPairs
- Rename finallyKey to derivedKey for clarity in processMasterKey
- Add sqlite driver import to masterkey.go for self-containedness

* refactor: rewrite Firefox masterkey and improve naming

Masterkey rewrite:
- Replace raw SQL functions with structured key4DB type (globalSalt,
  passwordCheck, privateKeys) for clear data modeling
- Split processMasterKey into verifyPasswordCheck + decryptPrivateKey
- Add nssKeyTypeTag constant for the magic bytes
- Rename finallyKey to derivedKey
- Add sqlite driver import for self-containedness
- Return error (not fallback) when logins validation explicitly fails

Naming cleanup:
- loginPair → encryptedLogin (clarify these are encrypted blobs)
- parseLoginPairs → sampleEncryptedLogins (clarify sampling purpose)
- canDecryptLogin → tryDecryptLogins (accurate verb, plural alignment)
- Expand abbreviated variables: p→login, uPBE→userPBE, pPBE→pwdPBE

Password extraction:
- Keep entries when decryptPBE fails (URL preserved, user/pwd empty)
- Align with Chromium behavior where decrypt failure doesn't skip records

Old code cleanup:
- firefox.go GetMasterKey now delegates to retrieveMasterKey
- Remove functions moved to masterkey.go

* docs: add RFC-003 for crypto package naming cleanup

Track accumulated naming and structural issues in crypto/asn1pbe.go
and cross-browser shared code for a future dedicated refactoring pass.

* refactor: move masterkey tests to masterkey_test.go

- Rename firefox_test.go to masterkey_test.go since all tests in
  this file test masterkey.go functions (readKey4DB, sampleEncryptedLogins)
- Fix TestReadKey4DB to check nssPrivate rows as a set instead of
  assuming SQLite insertion order
- Future deletion of firefox.go won't accidentally remove masterkey tests

rfcs/003-crypto-naming-cleanup.md

@@ -0,0 +1,53 @@
+# RFC-003: Crypto Package and Naming Cleanup
+
+**Author**: moonD4rk
+**Status**: Proposed
+**Created**: 2026-04-03
+
+## Abstract
+
+The `crypto/` package and cross-browser shared code have accumulated naming
+and structural issues over time. This RFC tracks them for a future dedicated
+refactoring pass. No code changes are proposed here.
+
+## 1. crypto/asn1pbe.go
+
+### Naming
+
+| Current | Issue | Suggested |
+|---------|-------|-----------|
+| `nssPBE` | Too generic — "NSS" covers all Firefox crypto | `privateKeyPBE` — decrypts key4.db nssPrivate entries |
+| `metaPBE` | "meta" is vague | `passwordCheckPBE` — decrypts key4.db metaData check |
+| `loginPBE` | Acceptable but inconsistent | `credentialPBE` — decrypts logins.json credentials |
+| `ASN1PBE` interface | Too technical for callers | `Decryptor` or `PBEDecryptor` |
+| `SlatAttr` | **Typo** — should be `Salt` | `SaltAttr` |
+| `AlgoAttr.Data.Data` | Nested names are meaningless | Flatten with descriptive field names |
+| `AES128CBCDecrypt` | Misnomer — supports all AES key lengths | `AESCBCDecrypt` |
+
+### Structure
+
+`NewASN1PBE` uses trial-and-error `asn1.Unmarshal` to detect the type.
+ASN1 parsing is lenient, so multiple structs may succeed. A safer approach
+would be to parse the OID first, then unmarshal into the matching struct.
+
+## 2. crypto/crypto_*.go
+
+| Current | Issue |
+|---------|-------|
+| `DecryptWithChromium` | Platform-specific (AES-CBC on darwin, AES-GCM on windows) — name doesn't reflect this |
+| `DecryptWithYandex` | Nearly identical to `DecryptWithChromium` on Windows |
+
+## 3. Shared code between Chromium and Firefox
+
+`discoverProfiles`, `hasAnySource`, `resolveSourcePaths`, `resolvedPath`
+are nearly identical in both packages (~40 lines duplicated). Currently
+each package keeps its own copy for independence. If more browser engines
+are added (e.g. Safari WebKit), consider extracting to a shared package.
+
+## 4. Priority
+
+1. **SlatAttr typo** — trivial fix, do anytime
+2. **AES128CBCDecrypt rename** — grep + rename, low risk
+3. **ASN1PBE type/naming cleanup** — medium effort, needs comprehensive tests
+4. **NewASN1PBE OID-first detection** — higher effort, must not break any Firefox version
+5. **Shared profile discovery** — only when a third browser engine is added