fix: security hardening, blur geometry, and performance audit fixes (v0.6.2)

Security: cache dirs now 0o700 via DirBuilder::mode(), blur config
validated (finite + clamp 0–200), TOCTOU socket pre-check removed.

Quality: GPU blur geometry fixed (texture shifted instead of stretched),
is_valid_username hardened, is_valid_gtk_theme extracted as testable fn,
save_last_session error handling consistent with save_last_user.

Performance: blurred texture cached across monitors (1x GPU renderpass
instead of N), FingerprintProbe device proxy cached in GreeterState with
generation counter to prevent race condition on fast user-switch.

Clippy: all 7 warnings resolved (collapsible if-let, redundant closure,
manual_range_contains, too_many_arguments suppressed for GTK widget fns).

Tests: 109 → 118 (GTK theme validation, Unicode usernames, cache dir
permissions, unwritable dir handling, blur config edge cases).

src/main.rs

@@ -58,11 +58,13 @@ fn activate(app: &gtk::Application) {
             greeter::load_background_texture(&path)
         });
 
+    let blur_cache = std::rc::Rc::new(std::cell::RefCell::new(None));
+
     let use_layer_shell = std::env::var("MOONGREET_NO_LAYER_SHELL").is_err();
     log::debug!("Layer shell: {use_layer_shell}");
 
     // Main greeter window (login UI) — compositor picks focused monitor
-    let greeter_window = greeter::create_greeter_window(bg_texture.as_ref(), &config, app);
+    let greeter_window = greeter::create_greeter_window(bg_texture.as_ref(), &config, &blur_cache, app);
     if use_layer_shell {
         setup_layer_shell(&greeter_window, true, gtk4_layer_shell::Layer::Top);
     }
@@ -79,7 +81,7 @@ fn activate(app: &gtk::Application) {
                 .item(i)
                 .and_then(|obj| obj.downcast::<gdk::Monitor>().ok())
             {
-                let wallpaper = greeter::create_wallpaper_window(texture, config.background_blur, app);
+                let wallpaper = greeter::create_wallpaper_window(texture, config.background_blur, &blur_cache, app);
                 setup_layer_shell(&wallpaper, false, gtk4_layer_shell::Layer::Bottom);
                 wallpaper.set_monitor(Some(&monitor));
                 wallpaper.present();