Add passphrase#141
Open
RemmyAcee wants to merge 2 commits into
Done, Close: #141

@RemmyAcee Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀
Close: #100
Here's a summary of all changes:
What changed
Cargo.toml
Added zxcvbn = "=3.1.0" — the pure-Rust port of the Dropbox password strength estimator. Pinned to an exact version consistent with the project's style.
crypto.rs
MIN_PASSPHRASE_LEN = 12 — hard minimum enforced before zxcvbn even runs.
STRICT_MIN_SCORE = 3 — the score threshold for --strict mode ("safely unguessable" in zxcvbn's own scale).
PassphraseStrength enum — wraps the 0–4 zxcvbn score with label(), coloured_label() (red/yellow/green), and bar() (5-segment █░ bar, also coloured).
StrengthReport — carries the strength level plus any zxcvbn warning and first suggestion.
check_passphrase_strength() — public, pure function: enforces minimum length, runs zxcvbn, returns a StrengthReport. Testable without a TTY.
prompt_passphrase(prompt, strict) — the new creation-time prompt. Evaluates strength after the first entry, prints the bar + hints to stderr, loops on failure (too short, too weak in strict mode, or confirmation mismatch), only asks for confirmation once the passphrase passes.
prompt_password() — unchanged; still used for decryption flows where no strength check is needed.
6 new unit tests covering: length rejection, minimum-length acceptance, weak scoring, strong scoring, bar length invariant, and the strict threshold constant.
wallet.rs
wallet create gains --strict (requires --encrypt, so clap rejects it if used alone).
Before prompting, prints a contextual hint: either the minimum-length reminder (default) or the strict-mode requirement.
Calls crypto::prompt_passphrase() instead of crypto::prompt_password() when encrypting.
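
The acceptance rules described above (length floor checked before any scoring, score threshold applied only in strict mode) can be sketched as a pure function. This is an added example, not code from the PR: `evaluate_passphrase`, `Verdict` and `bar` are hypothetical names, the scorer is a closure standing in for zxcvbn, and counting length in characters rather than bytes and the bar's fill mapping are assumptions.

```rust
// Added illustration; not the PR's code. The two constants are the values
// quoted in the PR description.
const MIN_PASSPHRASE_LEN: usize = 12;
const STRICT_MIN_SCORE: u8 = 3;

#[derive(Debug, PartialEq)]
enum Verdict {
    TooShort { have: usize },
    TooWeak { score: u8 },
    Accepted { score: u8 },
}

/// Decide whether a new passphrase may be used. `scorer` stands in for the
/// strength estimator (zxcvbn in the PR) and returns a score in 0..=4.
fn evaluate_passphrase<F: FnOnce(&str) -> u8>(pass: &str, strict: bool, scorer: F) -> Verdict {
    // Assumption: length counts Unicode scalar values, not bytes, so a
    // multi-byte passphrase cannot clear the floor on byte count alone.
    let have = pass.chars().count();
    if have < MIN_PASSPHRASE_LEN {
        return Verdict::TooShort { have }; // the scorer never runs
    }
    let score = scorer(pass).min(4);
    if strict && score < STRICT_MIN_SCORE {
        Verdict::TooWeak { score }
    } else {
        // Default mode accepts any score; the caller still shows the bar.
        Verdict::Accepted { score }
    }
}

/// Five-segment bar. Assumed mapping: score n fills n + 1 segments.
fn bar(score: u8) -> String {
    let filled = (score.min(4) as usize) + 1;
    "█".repeat(filled) + &"░".repeat(5 - filled)
}

fn main() {
    // Constructed inputs scored with a fixed stand-in score of 2.
    // Only the verdict is printed, never the passphrase itself.
    let cases = [("hunter2", false), ("correct horse battery", false), ("correct horse battery", true)];
    for &(pass, strict) in cases.iter() {
        let verdict = evaluate_passphrase(pass, strict, |_| 2);
        eprintln!("strict={} {} {:?}", strict, bar(2), verdict);
    }
}
```
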