fix+perf: audit fixes and GPU blur migration (v0.5.0)

Address all findings from quality, performance, and security audits:
- Filter greetd error descriptions consistently (security)
- Re-enable power buttons after failed action (UX bug)
- Narrow TOCTOU window in avatar loading via symlink_metadata (security)
- Allow @ in usernames for LDAP compatibility
- Eliminate unnecessary Vec allocation in passwd parsing
- Remove dead i18n field, annotate retained-for-future struct fields
- Fix if/if→if/else and noisy test output in power.rs

Replace CPU blur (image crate + disk cache + async orchestration) with
GPU blur via GskBlurNode — symmetric with moonlock and moonset.
Removes ~15 transitive dependencies and ~200 lines of caching code.

src/i18n.rs

@@ -28,7 +28,6 @@ pub struct Strings {
     pub session_start_failed: &'static str,
     pub reboot_failed: &'static str,
     pub shutdown_failed: &'static str,
-    pub connection_error: &'static str,
     pub socket_error: &'static str,
     pub unexpected_greetd_response: &'static str,
 
@@ -53,7 +52,6 @@ const STRINGS_DE: Strings = Strings {
     session_start_failed: "Session konnte nicht gestartet werden",
     reboot_failed: "Neustart fehlgeschlagen",
     shutdown_failed: "Herunterfahren fehlgeschlagen",
-    connection_error: "Verbindungsfehler",
     socket_error: "Socket-Fehler",
     unexpected_greetd_response: "Unerwartete Antwort von greetd",
     faillock_attempts_remaining: "Noch {n} Versuch(e) vor Kontosperrung!",
@@ -76,7 +74,6 @@ const STRINGS_EN: Strings = Strings {
     session_start_failed: "Failed to start session",
     reboot_failed: "Reboot failed",
     shutdown_failed: "Shutdown failed",
-    connection_error: "Connection error",
     socket_error: "Socket error",
     unexpected_greetd_response: "Unexpected response from greetd",
     faillock_attempts_remaining: "{n} attempt(s) remaining before lockout!",