Add support for encryption in WASM database bindings

[hosseind88]

NOTICE:

Description

Fixes #5361 — improves Wasm encryption usability for browser SDK users.

Changes:

1. Clearer opt-in error (core/storage/pager.rs)
   When encryption PRAGMAs are used without opting in at open time, the error now mentions both the CLI flag (--experimental-encryption) and the SDK path (encryption option or experimental: ['encryption'] on connect()).

2. Wasm cipher conversion (bindings/javascript/packages/wasm/promise-vite-dev-hack.ts, index-vite-dev-hack.ts)
   The Node bindings already convert string cipher names (e.g. "aegis256") to the native enum before calling Rust. The Wasm Vite entry point did not, causing:
   Failed to convert napi value String into rust type i32 on EncryptionOpts.cipher.
   This mirrors the existing getCipherValue() logic from packages/native/promise.ts.

3. Wasm crypto build (core/Cargo.toml)
   Use pure-rust aegis on wasm32 (same as Android/macOS) so encryption compiles and runs in browser builds without C cross-compilation issues.

4. Example (examples/javascript/database-wasm-encryption-vite/)
   New Vite browser example showing the correct way to open an encrypted database:

   await connect("encrypted-guestbook.db", {
     encryption: { cipher: "aegis256", hexkey: "..." },
   });

Motivation and context

Reported in #5361 / Discord: a user got encryption working in the browser except when using PRAGMAs alone. The error pointed to --experimental-encryption, which does not apply in Wasm/JS.

Root causes:

• Misleading error message for SDK users
• Wasm bindings not converting encryption.cipher strings to the Rust enum (Node already did)
• Possible Wasm build issues with non–pure-rust aegis

Note: The cipher conversion is applied to the Vite dev entry point (@tursodatabase/database-wasm/vite), which is what the new example and npm run dev use. Other Wasm entry points (promise-default, promise-bundle, promise-turbopack-hack) could get the same treatment in a follow-up.

Test plan

• Build Wasm bindings in order: database-common → database-wasm-common → database-wasm
• Run examples/javascript/database-wasm-encryption-vite with npm run dev — encrypted guestbook works with cipher: "aegis256"
• Reproduce original issue: connect without encryption opts + PRAGMA cipher/hexkey → improved error message
• Open encrypted DB with wrong key → fails as expected
• cargo fmt / clippy on changed Rust files

Description of AI Usage

AI (Cursor) was used to explore the codebase, trace the issue from #5361 through the Rust pager, JS bindings, and Wasm build, and to implement the changes above. The author reproduced the bugs locally (import resolution, string→enum conversion, decryption on stale OPFS files) and validated the fix by building bindings and running the encryption example. All changes were reviewed before opening this PR.

[github-actions]

Fossier: Manual Review Requested

@hosseind88 is a new contributor. A maintainer should review this PR before merging.

Score Breakdown

Total Score: 51.9/100 | Confidence: 100% | Outcome: REVIEW

Signal	Value	Score	Weight
account_age	2077	1.00	0.07
public_repos	41	1.00	0.04
contribution_history	42	0.21	0.04
follower_ratio	0.2	0.10	0.04
bot_signals	False	0.50	0.03
open_prs_elsewhere	3	0.62	0.07
closed_prs_elsewhere	4	0.60	0.08
merged_prs_elsewhere	26	1.00	0.06
prior_interaction	0	0.00	0.24
activity_velocity	1	1.00	0.06
pr_content	...	1.00	0.06
commit_email	no_email	0.50	0.03
pr_description	...	0.55	0.04
repo_stars	19122	0.30	0.03
org_membership	0	0.20	0.02
commit_verification	...	0.30	0.03
contributor_stars	68	1.00	0.03