feat: add external SSD conditional locking (multi-app) and lock-screen Go Back safety

[ChristianMilianti]

Summary

This PR introduces conditional locking based on external SSD presence, expands it to support multiple selected apps, and adds a safe “Go Back” escape action on the lock screen to prevent accidental lock-in UX.

What Changed

• Added external drive detection service:
• Enumerates mounted external local volumes
• Resolves connection state by volume UUID
• Added new app settings for SSD-conditional locking:
• Enable/disable SSD condition mode
• Selected SSD UUID/name
• Selected app bundle identifiers (multi-app)
• Backward-compatible migration from legacy single-app setting
• Updated lock gating logic:
• SSD condition applies only to selected app(s)
• Non-selected protected apps continue normal/default lock behavior
• Updated General settings UI:
• Added “External SSD Condition” section
• Multi-select protected app toggles
• SSD picker + refresh + connection status
• Added lock-screen “Go Back” flow:
• Dismisses overlay without authenticating
• Clears pending lock state
• Hides accidental app launch and returns focus to Finder
• Updates menu bar icon state accordingly
• Updated README:
• Feature list entry
• Setup and behavior docs for SSD condition (including iCloud Photos external drive example)
• Safety section entry for Go Back action

Behaviour Details

• If SSD condition mode is off: existing locking behavior is unchanged.
• If SSD condition mode is on:
• Selected app(s): locked only when selected SSD is disconnected.
• Non-selected protected apps: unaffected, still follow default lock behavior.
• Go Back on lock screen:
• Exits lock overlay safely without unlocking app content.

Notes

Existing users with the old single-app SSD setting are migrated automatically.
No changes to auth provider logic (Touch ID/password flow remains intact).

• [yes] Tested with Chess.app
• [yes] Panic key verified (Cmd+Opt+Shift+Ctrl+U)
• [no] Builds without warnings

Build succeeded, but not completely warning-free.

I saw these warnings in the xcodebuild output:

“Using the first of multiple matching destinations” (duplicate My Mac destination entries).
AppIntents metadata warning: “Metadata extraction skipped. No AppIntents.framework dependency found.”
So: successful build, with non-fatal warnings.

[dutkiewiczmaciej]

Thanks for this, really impressive contribution! A few things I'd like to address before merging:

1. Xcode user files — xcuserdata/christian.xcuserdatad/ and contents.xcworkspacedata shouldn't be committed. Please remove them from the PR.

2. Indentation — the codebase uses 4 spaces consistently. shouldLockAppUnderCurrentConditions() has mixed tabs/spaces — could you fix that?

3. Go Back replacing Cancel in password view — currently Cancel returns to the Touch ID card. Your PR changes it to dismiss the overlay entirely. I'd prefer keeping Cancel as-is and having Go Back as a separate button on the main lock card only.

4. ExternalDriveService caching — isVolumeConnected enumerates all volumes on every call. Since this runs on every app switch, it would be better to cache the volume list and invalidate on NSWorkspace.didMountNotification / didUnmountNotification.

5. ProtectedAppsManager.shared — is this a new class you added? I don't see it in the diff.

The feature itself is a great idea — I'll definitely want to include it. Just needs these fixes first. Thanks again for putting in the work!