fix+perf: audit fixes and GPU blur migration (v0.5.0)

Address all findings from quality, performance, and security audits:
- Filter greetd error descriptions consistently (security)
- Re-enable power buttons after failed action (UX bug)
- Narrow TOCTOU window in avatar loading via symlink_metadata (security)
- Allow @ in usernames for LDAP compatibility
- Eliminate unnecessary Vec allocation in passwd parsing
- Remove dead i18n field, annotate retained-for-future struct fields
- Fix if/if→if/else and noisy test output in power.rs

Replace CPU blur (image crate + disk cache + async orchestration) with
GPU blur via GskBlurNode — symmetric with moonlock and moonset.
Removes ~15 transitive dependencies and ~200 lines of caching code.

src/power.rs

@@ -41,8 +41,7 @@ fn run_command(action: &'static str, program: &str, args: &[&str]) -> Result<(),
 
     if output.status.success() {
         log::debug!("Power action {action} completed successfully");
-    }
-    if !output.status.success() {
+    } else {
         let stderr = String::from_utf8_lossy(&output.stderr);
         return Err(PowerError::CommandFailed {
             action,
@@ -100,7 +99,7 @@ mod tests {
 
     #[test]
     fn run_command_passes_args() {
-        let result = run_command("test", "echo", &["hello", "world"]);
+        let result = run_command("test", "true", &["--ignored-arg"]);
         assert!(result.is_ok());
     }
 }