Fix Screen Recording permission cache never downgrading after revocation

[execsumo]

Summary

The persisted screenCaptureTCCGranted flag seeded the in-process granted state at launch and could never be cleared — so revoking Screen Recording in System Settings while Heard wasn't running left the app showing Granted forever, across restarts.

This replaces the boolean with ScreenCaptureGrantCache, a pure, unit-tested state machine that distinguishes the two cases the old code conflated:

• Grant confirmed live this session → sticky for the process lifetime, exactly as before. macOS only applies revocations after an app restart, so a mid-session false probe is always stale. (Preserves the v0.2.3 stale-"Not Granted" fix — no regression.)
• Grant cached from a previous session → trusted only for a ~30 s reconfirmation window after launch (10 poll ticks × 3 s, enough to ride out the window-list probe's transient false negatives). If no probe confirms within the window, the cache and persisted flag are cleared and the UI downgrades to Not Granted. A later successful probe re-confirms and re-persists, so a rare over-eager downgrade self-heals.
• The authoritative SCShareableContent check after the "Grant…" flow now clears a stale cache immediately on a definitive false, instead of being ignored.

Changes

• Sources/HeardCore/Services.swift: new ScreenCaptureGrantCache value type; PermissionCenter migrated off the sticky boolean; UserDefaults writes centralized in applyScreenCaptureProbe
• Tests/HeardTests/PermissionCenterTests.swift: 9 new tests covering revocation-while-not-running, confirmation stickiness, budget exhaustion, recovery after downgrade, and authoritative-probe semantics
• handoff.md: documented the grant-caching behavior

Testing

• CI green on the branch (build + full HeardTests suite): https://github.com/execsumo/Heard/actions/runs/27388179318

https://claude.ai/code/session_01UMbvMVowzQq3LgFpaQA8aE

---

Generated by Claude Code