Migrates existing login keyring entries to unencrypted default keyring

[rolandboon]

Follow-up to #68. The previous migration created a password-less Default_keyring, but left the existing encrypted login.keyring untouched. Apps like Slack and Chrome still had their credentials in that encrypted keyring, so users kept getting a password prompt on launch.

This migration replaces the encrypted login.keyring with an unencrypted version. Apps will need to re-authenticate once after a reboot.

Why an unencrypted keyring is fine here:

• LUKS already handles encryption at rest. Every manjikaze install enforces full disk encryption, making keyring-level encryption redundant for the at-rest threat model.
• Runtime exposure is identical. Once unlocked (which happens immediately after entering the prompt), all secrets are accessible to any user process via the D-Bus Secret Service API. Regardless of whether the keyring file itself is encrypted. A malicious process doesn't need to read the file; it just queries the API.
• The prompt adds no real security. The user enters the password on first app launch, the keyring stays unlocked for the session, and the "protected" window beforehand is negligible.