feat: complete Tasks 21-28 — backend integration, security hardening, UI tests & CI

- Add Apple Sign-In backend (JWKS verification, account linking, session management)
- Implement push notification deep linking with NotificationDeepLinkRouter
- Add jailbreak detection, runtime integrity monitoring, secure enclave service
- Implement OAuth social login, token refresh, and secure logout flows
- Add image caching (memory/disk), optimizer, upload queue, async semaphore
- Implement notification analytics, type preferences, and category setup
- Expand UI test suite with UITestBase, accessibility, auth flow, performance tests
- Add CI pipeline for iOS UI tests (3 device sizes) and performance benchmarks
- Restructure Xcode project to manual groups with KordantWidgets target
- Add SwiftLint, Swift Collections/Algorithms/GoogleSignIn dependencies
- Update project.yml for XcodeGen with new targets and configurations

iOS/KordantSpamShieldExtension/Info.plist

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>$(DEVELOPMENT_LANGUAGE)</string>
+	<key>CFBundleExecutable</key>
+	<string>SpamCallDirectoryExtension</string>
+	<key>CFBundleIdentifier</key>
+	<string>com.frenocorp.kordant.SpamCallDirectoryExtension</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>SpamCallDirectoryExtension</string>
+	<key>CFBundlePackageType</key>
+	<string>XPC!</string>
+	<key>CFBundleShortVersionString</key>
+	<string>1.0</string>
+	<key>CFBundleVersion</key>
+	<string>1</string>
+	<key>NSExtension</key>
+	<dict>
+		<key>NSExtensionPointIdentifier</key>
+		<string>com.apple.callkit.call-directory</string>
+		<key>NSExtensionPrincipalClass</key>
+		<string>SpamCallDirectoryProvider</string>
+	</dict>
+</dict>
+</plist>

iOS/KordantSpamShieldExtension/PrivacyInfo.xcprivacy

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<!--
+	Privacy Manifest for Kordant Spam Shield Call Directory Extension
+	Reads spam numbers from shared App Group container; no categorized API usage.
+	-->
+	<key>NSPrivacyTracking</key>
+	<false/>
+	<key>NSPrivacyTrackingDomains</key>
+	<array/>
+	<key>NSPrivacyCollectedDataTypes</key>
+	<array/>
+	<key>NSPrivacyAccessedAPITypes</key>
+	<array/>
+</dict>
+</plist>

iOS/KordantSpamShieldExtension/SpamCallDirectoryProvider.swift

@@ -0,0 +1,34 @@
+import CallKit
+import Foundation
+
+class SpamCallDirectoryProvider: CXCallDirectoryProvider {
+    
+    override func beginRequest(with context: CXCallDirectoryExtensionContext) {
+        // The extension should call context.completeRequest() when it's finished.
+        
+        // 1. Load data from shared App Group
+        let service = SpamDirectoryService.shared
+        
+        do {
+            // 2. Add blocked numbers
+            let blockedNumbers = try service.loadBlockedNumbers()
+            for number in blockedNumbers {
+                context.addBlockingEntry(withNextSequentialPhoneNumber: number)
+            }
+            
+            // 3. Add identified numbers
+            let identifiedEntries = try service.loadIdentifiedEntries()
+            for entry in identifiedEntries {
+                context.addIdentificationEntry(withNextSequentialPhoneNumber: entry.number, label: entry.label)
+            }
+            
+            // 4. Complete the request
+            context.completeRequest()
+            
+        } catch {
+            // In case of error, we still complete the request but log it
+            // (In a real app, use OSLog)
+            context.completeRequest()
+        }
+    }
+}