Implement DDD refactoring phases 1-4 with domain layer and ubiquitous language

Phase 1-3: Domain Layer Foundation
- Add value objects: IdentityId, PermissionId, RelayId, WalletId, Nickname, NostrKeyPair
- Add rich domain entities: Identity, Permission, Relay with behavior
- Add domain events: IdentityCreated, IdentityRenamed, IdentitySelected, etc.
- Add repository interfaces for Identity, Permission, Relay
- Add infrastructure layer with repository implementations
- Add EncryptionService abstraction

Phase 4: Ubiquitous Language Cleanup
- Rename BrowserSyncData → EncryptedVault (encrypted vault storage)
- Rename BrowserSessionData → VaultSession (decrypted session state)
- Rename SignerMetaData → ExtensionSettings (extension configuration)
- Rename Identity_ENCRYPTED → StoredIdentity (storage DTO)
- Rename Identity_DECRYPTED → IdentityData (session DTO)
- Similar renames for Permission, Relay, NwcConnection, CashuMint
- Add backwards compatibility aliases with @deprecated markers

Test Coverage
- Add comprehensive tests for all value objects
- Add tests for domain entities and their behavior
- Add tests for domain events
- Fix PermissionChecker to prioritize kind-specific rules over blanket rules
- Fix pre-existing component test issues (IconButton, Pubkey)

All 113 tests pass. Both Chrome and Firefox builds succeed.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

projects/common/src/lib/domain/repositories/relay-repository.ts

@@ -0,0 +1,94 @@
+import { IdentityId, RelayId } from '../value-objects';
+
+/**
+ * Snapshot of a relay for persistence.
+ */
+export interface RelaySnapshot {
+  id: string;
+  identityId: string;
+  url: string;
+  read: boolean;
+  write: boolean;
+}
+
+/**
+ * Query criteria for finding relays.
+ */
+export interface RelayQuery {
+  identityId?: IdentityId;
+  url?: string;
+  read?: boolean;
+  write?: boolean;
+}
+
+/**
+ * Repository interface for Relay aggregate.
+ */
+export interface RelayRepository {
+  /**
+   * Find a relay by its ID.
+   */
+  findById(id: RelayId): Promise<RelaySnapshot | undefined>;
+
+  /**
+   * Find relays matching the query criteria.
+   */
+  find(query: RelayQuery): Promise<RelaySnapshot[]>;
+
+  /**
+   * Find a relay by URL for a specific identity.
+   * Used for duplicate detection.
+   */
+  findByUrl(identityId: IdentityId, url: string): Promise<RelaySnapshot | undefined>;
+
+  /**
+   * Get all relays for an identity.
+   */
+  findByIdentity(identityId: IdentityId): Promise<RelaySnapshot[]>;
+
+  /**
+   * Get all relays.
+   */
+  findAll(): Promise<RelaySnapshot[]>;
+
+  /**
+   * Save a new or updated relay.
+   */
+  save(relay: RelaySnapshot): Promise<void>;
+
+  /**
+   * Delete a relay by its ID.
+   */
+  delete(id: RelayId): Promise<boolean>;
+
+  /**
+   * Delete all relays for an identity.
+   * Used when deleting an identity (cascade delete).
+   */
+  deleteByIdentity(identityId: IdentityId): Promise<number>;
+
+  /**
+   * Count relays matching the query.
+   */
+  count(query?: RelayQuery): Promise<number>;
+}
+
+/**
+ * Error thrown when a relay operation fails.
+ */
+export class RelayRepositoryError extends Error {
+  constructor(
+    message: string,
+    public readonly code: RelayErrorCode
+  ) {
+    super(message);
+    this.name = 'RelayRepositoryError';
+  }
+}
+
+export enum RelayErrorCode {
+  DUPLICATE_URL = 'DUPLICATE_URL',
+  NOT_FOUND = 'NOT_FOUND',
+  ENCRYPTION_FAILED = 'ENCRYPTION_FAILED',
+  STORAGE_FAILED = 'STORAGE_FAILED',
+}