
Feature: Implement Locker functionality for secure note storage #98

@bigtcze

Description

Implement a secure 'Locker' section for private notes protected by a 4-digit PIN.

Requirements

Frontend

  • Side Menu: Add 'Locker' item to the sidebar.
  • Access Control: Clicking 'Locker' prompts for a 4-digit PIN.
    • If no PIN is set (first time), prompt to create one.
    • If PIN is set, prompt to unlock.
  • Note Management:
    • Add 'Move to Locker' option in the note's 3-dots menu.
    • CRITICAL: Moving a note to Locker MUST remove all assigned tags.
    • Add 'Move to Locker' to bulk selection actions.
  • User Settings: Allow changing the PIN inside the Locker view (requires current PIN).
  • Admin Center: Add functionality for Admins to reset a user's PIN.

Backend

  • Database:
    • Update users table: Add locker_pin_hash (store hashed, never plain text).
    • Update notes table: Add is_locked boolean (default false).
  • API:
    • Endpoints for PIN setup, verification, and change.
    • Ensure GET /api/notes filters out locked notes by default.
    • Endpoint to fetch locked notes (requires valid PIN verification).
    • Admin endpoint to reset user PIN.

Security

  • Locked notes must not be leaked in standard sync/fetch requests.
  • PIN must be hashed (e.g., bcrypt).

Complexity

8/10
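
A sketch of the backend rules listed in this issue, added here as an example and not code from the project: hashed PIN storage, change-requires-current-PIN, tag stripping on move, and locked notes hidden from the default listing. The function names, the in-memory `users`/`notes` store, the PBKDF2 parameters and the attempt limit are assumptions; PBKDF2 from the standard library stands in for bcrypt so the block runs without third-party packages, and the attempt limit is included because a 4-digit PIN has only 10,000 possible values.

```python
import hashlib, hmac, os, re

ITERATIONS = 200_000   # assumption: PBKDF2 work factor chosen for this sketch
MAX_ATTEMPTS = 5       # assumption: the issue does not specify an attempt limit

# Constructed sample data standing in for the users and notes tables.
users = {"alice": {"locker_pin_hash": None, "failed": 0}}
notes = [
    {"id": 1, "owner": "alice", "tags": ["work"], "is_locked": False},
    {"id": 2, "owner": "alice", "tags": ["bank", "private"], "is_locked": False},
]

def _hash_pin(pin, salt=None):
    """Return 'salt$digest' (hex) for a 4-digit PIN; never store the PIN itself."""
    if not re.fullmatch(r"[0-9]{4}", pin):
        raise ValueError("PIN must be exactly 4 digits")
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify_pin(user, pin):
    """Constant-time PIN check; refuses once MAX_ATTEMPTS failures accumulate."""
    u = users[user]
    if u["locker_pin_hash"] is None or u["failed"] >= MAX_ATTEMPTS:
        return False
    salt_hex, _ = u["locker_pin_hash"].split("$")
    try:
        candidate = _hash_pin(pin, bytes.fromhex(salt_hex))
    except ValueError:
        candidate = ""          # malformed input still counts as a failed attempt
    ok = hmac.compare_digest(candidate, u["locker_pin_hash"])
    u["failed"] = 0 if ok else u["failed"] + 1
    return ok

def set_pin(user, new_pin, current_pin=None):
    """First-time setup needs no PIN; changing an existing PIN needs the current one."""
    u = users[user]
    if u["locker_pin_hash"] is not None and not verify_pin(user, current_pin or ""):
        raise PermissionError("current PIN required")
    u["locker_pin_hash"] = _hash_pin(new_pin)

def move_to_locker(user, note_id):
    """Lock the note and remove all of its tags in the same step."""
    for n in notes:
        if n["id"] == note_id and n["owner"] == user:
            n["tags"] = []
            n["is_locked"] = True

def list_notes(user, locked=False, pin=None):
    """Default listing excludes locked notes; locked listing needs a valid PIN."""
    if locked and not verify_pin(user, pin or ""):
        raise PermissionError("valid PIN required")
    return [n for n in notes if n["owner"] == user and n["is_locked"] == locked]
```
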


Labels: enhancement
