feat(integrity): add Play Integrity API integration

[lanthoor]

Summary

• Hybrid Play Integrity check: backend-verified classic path first, falls back to on-device standard request when offline
• Blocks app on Red verdict (rooted device / sideloaded APK) with a friendly error screen showing the reason
• Green/Yellow/Unknown verdicts proceed normally
• All checks skipped in debug builds for frictionless local/AVD testing
• Secrets injected via CI env vars, with local.properties fallback for dev

New Files

File	Purpose
domain/model/IntegrityVerdict.kt	Sealed class: Green / Yellow / Red / Unknown
domain/repository/PlayIntegrityRepository.kt	Repository interface
data/repository/PlayIntegrityRepositoryImpl.kt	Hybrid path implementation with debug bypass
data/remote/BackendIntegrityApi.kt	Retrofit service for backend
data/remote/dto/IntegrityDto.kt	Request/response DTOs
di/NetworkModule.kt	Hilt module for OkHttp + Retrofit
di/IntegrityModule.kt	Hilt module binding repository
ui/viewmodels/IntegrityViewModel.kt	HiltViewModel, runs check on init, catches errors
ui/screens/IntegrityBlockScreen.kt	Block screen with error details + retry + action guidance

Modified Files

File	Change
gradle/libs.versions.toml	Added play-integrity, retrofit, okhttp deps
app/build.gradle.kts	Dependencies + env/local.properties-based BuildConfig
app/proguard-rules.pro	Keep rules for Play Integrity + Retrofit
app/src/main/res/values/strings.xml	Block screen strings
MainActivity.kt	IntegrityViewModel wired in, gates UI before initialization
.github/workflows/release.yml	Inject secrets for release builds