Move login breach fields into meta record and add password reuse detection for breach alerts

[jo]

Move the previously introduced login breach-related fields time_of_last_breach and time_last_breach_alert_dismissed from LoginFields into LoginMeta struct, to group internally handled fields which are not directly updateable.
Add breachesL table (schema v4) to track breached passwords and enable cross-domain password reuse detection.

New APIs:

• are_potentially_vulnerable_passwords(ids) - Batch check, returns GUIDs
• is_potentially_vulnerable_password(id) - Single login check

Batch API decrypts breachesL once and uses HashSet for efficient lookups (O(M + N) vs O(M * N) for repeated single checks).

This is the Phabricator patch for Desktop support.

Pull Request checklist

• Breaking changes: This PR follows our breaking change policy
  • This PR follows the breaking change policy:
    • This PR has no breaking API changes, or
    • There are corresponding PRs for our consumer applications that resolve the breaking changes and have been approved
• Quality: This PR builds and tests run cleanly
  • Note:
    • For changes that need extra cross-platform testing, consider adding [ci full] to the PR title.
    • If this pull request includes a breaking change, consider cutting a new release after merging.
• Tests: This PR includes thorough tests or an explanation of why it does not
• Changelog: This PR includes a changelog entry in CHANGELOG.md or an explanation of why it does not need one
  • Any breaking changes to Swift or Kotlin binding APIs are noted explicitly
• Dependencies: This PR follows our dependency management guidelines
  • Any new dependencies are accompanied by a summary of the due diligence applied in selecting them.