fix: audit fixes — CString zeroize, FP account check, PAM timeout, blur downscale (v0.6.5)

Address findings from second triple audit (quality, performance, security):

- Wrap PAM CString password in Zeroizing<CString> to wipe on drop (S-H1)
- Add check_account() for pam_acct_mgmt after fingerprint unlock,
  with resume_async() to restart FP on transient failure (S-M1)
- 30s PAM timeout with generation counter to prevent stale result
  interference from parallel auth attempts (S-M3)
- Downscale wallpaper to max 1920px before GPU blur, reducing work
  by ~4x on 4K wallpapers (P-M1)
- exit(1) instead of return on no-monitor after lock.lock() (Q-2.1)

src/i18n.rs

@@ -28,6 +28,7 @@ pub struct Strings {
     pub confirm_no: &'static str,
     pub faillock_attempts_remaining: &'static str,
     pub faillock_locked: &'static str,
+    pub auth_timeout: &'static str,
 }
 
 const STRINGS_DE: Strings = Strings {
@@ -46,6 +47,7 @@ const STRINGS_DE: Strings = Strings {
     confirm_no: "Abbrechen",
     faillock_attempts_remaining: "Noch {n} Versuch(e) vor Kontosperrung!",
     faillock_locked: "Konto ist möglicherweise gesperrt",
+    auth_timeout: "Authentifizierung abgelaufen — bitte erneut versuchen",
 };
 
 const STRINGS_EN: Strings = Strings {
@@ -64,6 +66,7 @@ const STRINGS_EN: Strings = Strings {
     confirm_no: "Cancel",
     faillock_attempts_remaining: "{n} attempt(s) remaining before lockout!",
     faillock_locked: "Account may be locked",
+    auth_timeout: "Authentication timed out — please try again",
 };
 
 fn parse_lang_prefix(lang: &str) -> String {