fix: audit fixes — D-Bus sender validation, fp lifecycle, multi-monitor caching (v0.6.0)

Close the only exploitable auth bypass: validate VerifyStatus signal sender
against fprintd's unique bus name. Fix fingerprint D-Bus lifecycle so devices
are properly released on verify-match and async restarts check the running
flag between awaits.

Security: num_msg guard in PAM callback, symlink rejection for background_path,
peek icon disabled, TOML parse errors logged, panic hook before logging.

Performance: blur and avatar textures cached across monitors, release profile
with LTO/strip.

src/power.rs

@@ -7,14 +7,12 @@ use std::process::Command;
 #[derive(Debug)]
 pub enum PowerError {
     CommandFailed { action: &'static str, message: String },
-    Timeout { action: &'static str },
 }
 
 impl fmt::Display for PowerError {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         match self {
             PowerError::CommandFailed { action, message } => write!(f, "{action} failed: {message}"),
-            PowerError::Timeout { action } => write!(f, "{action} timed out"),
         }
     }
 }
@@ -44,7 +42,6 @@ mod tests {
     use super::*;
 
     #[test] fn power_error_display() { assert_eq!(PowerError::CommandFailed { action: "reboot", message: "fail".into() }.to_string(), "reboot failed: fail"); }
-    #[test] fn timeout_display() { assert_eq!(PowerError::Timeout { action: "shutdown" }.to_string(), "shutdown timed out"); }
     #[test] fn missing_binary() { assert!(run_command("test", "nonexistent-xyz", &[]).is_err()); }
     #[test] fn nonzero_exit() { assert!(run_command("test", "false", &[]).is_err()); }
     #[test] fn success() { assert!(run_command("test", "true", &[]).is_ok()); }