Add ShieldAI browser extension with phishing & spam detection (FRE-4576)

- Extension package: Manifest V3, background service worker, content scripts
- Phishing detection engine with heuristic analysis (typosquatting, entropy, TLD, brand impersonation)
- Local URL caching layer (Storage API) for <100ms cached lookups
- Popup UI with protection status, stats, and phishing report button
- Options page for settings management (blocked/allowed domains, feature toggles)
- Server-side extension routes: URL check, phishing report, auth, stats, exposure check
- Tier-aware feature gating (Basic/Plus/Premium)
- 25 passing tests for phishing detection heuristics
- Declarative net request rules for known phishing patterns
- DarkWatch integration for credential exposure checks
- Firefox compatibility layer via build modes

Co-Authored-By: Paperclip <noreply@paperclip.ing>

packages/extension/public/icons/icon128.svg

@@ -0,0 +1,10 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 128 128">
+  <defs>
+    <linearGradient id="shieldGrad" x1="0%" y1="0%" x2="100%" y2="100%">
+      <stop offset="0%" style="stop-color:#3b82f6;stop-opacity:1" />
+      <stop offset="100%" style="stop-color:#1e40af;stop-opacity:1" />
+    </linearGradient>
+  </defs>
+  <path d="M64 8 L112 32 L112 72 C112 100 64 120 64 120 C64 120 16 100 16 72 L16 32 Z" fill="url(#shieldGrad)"/>
+  <path d="M52 68 L60 76 L78 56" stroke="white" stroke-width="8" fill="none" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

packages/extension/public/manifest.json

@@ -0,0 +1,48 @@
+{
+  "manifest_version": 3,
+  "name": "ShieldAI - Phishing & Spam Protection",
+  "version": "0.1.0",
+  "description": "Real-time phishing detection and spam protection powered by ShieldAI",
+  "permissions": [
+    "activeTab",
+    "storage",
+    "tabs",
+    "scripting",
+    "declarativeNetRequest"
+  ],
+  "host_permissions": [
+    "https://*/*",
+    "http://*/*"
+  ],
+  "action": {
+    "default_popup": "popup.html",
+    "default_icon": {
+      "16": "icons/icon16.png",
+      "48": "icons/icon48.png",
+      "128": "icons/icon128.png"
+    }
+  },
+  "icons": {
+    "16": "icons/icon16.png",
+    "48": "icons/icon48.png",
+    "128": "icons/icon128.png"
+  },
+  "options_page": "options.html",
+  "content_scripts": [
+    {
+      "matches": ["https://*/*", "http://*/*"],
+      "js": ["content.js"],
+      "run_at": "document_start",
+      "all_frames": false
+    }
+  ],
+  "declarative_net_request": {
+    "rule_resources": [
+      {
+        "id": "phishing_rules",
+        "enabled": true,
+        "path": "rules/phishing-rules.json"
+      }
+    ]
+  }
+}

packages/extension/public/rules/phishing-rules.json

@@ -0,0 +1,58 @@
+[
+  {
+    "id": 1,
+    "priority": 1,
+    "action": { "type": "BLOCK" },
+    "condition": {
+      "urlFilter": "*://*login-secure-portal*/*",
+      "resourceTypes": ["main_frame"]
+    }
+  },
+  {
+    "id": 2,
+    "priority": 1,
+    "action": { "type": "BLOCK" },
+    "condition": {
+      "urlFilter": "*://*account-verify-now*/*",
+      "resourceTypes": ["main_frame"]
+    }
+  },
+  {
+    "id": 3,
+    "priority": 1,
+    "action": { "type": "BLOCK" },
+    "condition": {
+      "urlFilter": "*://*secure-auth-signin*/*",
+      "resourceTypes": ["main_frame"]
+    }
+  },
+  {
+    "id": 4,
+    "priority": 1,
+    "action": { "type": "BLOCK" },
+    "condition": {
+      "urlFilter": "*://*wallet-connect-verify*/*",
+      "resourceTypes": ["main_frame"]
+    }
+  },
+  {
+    "id": 5,
+    "priority": 2,
+    "action": { "type": "REDIRECT", "redirect": { "urlFilter": "chrome-extension://__MSG_@@extension_id__/popup.html" } },
+    "condition": {
+      "urlFilter": "*://*.tk/*",
+      "resourceTypes": ["main_frame"],
+      "domainMatches": ["*.tk"]
+    }
+  },
+  {
+    "id": 6,
+    "priority": 2,
+    "action": { "type": "REDIRECT", "redirect": { "urlFilter": "chrome-extension://__MSG_@@extension_id__/popup.html" } },
+    "condition": {
+      "urlFilter": "*://*.xyz/*",
+      "resourceTypes": ["main_frame"],
+      "domainMatches": ["*.xyz"]
+    }
+  }
+]