chore: add pedantic workspace lints (#90)

Add [workspace.lints.rust] and wire each member crate up with
[lints] workspace = true:

  unsafe_code = "deny"        (forbid would break the Android JNI build)
  single_use_lifetimes = "warn"
  trivial_casts = "warn"
  unused_lifetimes = "warn"
  unused_qualifications = "warn"
  variant_size_differences = "warn"
  unexpected_cfgs = "warn"

unsafe_code is "deny" rather than the issue's "forbid" so the three
Android JNI FFI modules (android_keystore, android_clipboard, safe_area)
can opt back in with a scoped #![allow(unsafe_code)] — forbid cannot be
locally overridden. Pure crates carry no unsafe and stay clean.

Clean up the warnings the new lints surface:
- 150ish unused_qualifications removed via `cargo fix` (purely syntactic
  redundant-path-prefix removals).
- table_plugin: the TABLE_COLOUR import was #[cfg(test)]-gated while the
  camera clear-colour used the fully-qualified path; unqualifying it left
  a non-test build with no import. Made the import unconditional instead.
- assets/sources: the `as &[u8]` casts in embed_*_svg! coerce each
  fixed-size &[u8; N] to a uniform slice so the tuples fit the
  &[(&str, &[u8])] arrays — load-bearing, so scoped #[allow(trivial_casts)].

Workspace clippy -D warnings and the full test suite pass. Android build
not compiled here (needs the NDK; built separately per CLAUDE.md §15) —
the deny + scoped-allow keeps the JNI unsafe blocks legal.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

solitaire_data/Cargo.toml

@@ -47,3 +47,6 @@ sqlx             = { workspace = true }
 jsonwebtoken     = { workspace = true }
 uuid             = { workspace = true }
 chrono           = { workspace = true }
+
+[lints]
+workspace = true

solitaire_data/src/android_keystore.rs

@@ -1,3 +1,8 @@
+// JNI FFI requires `unsafe` to reconstruct `JavaVM` / `JByteArray` handles
+// from raw pointers handed over by the Android runtime. Scoped to this
+// module so the rest of the workspace stays `deny(unsafe_code)`.
+#![allow(unsafe_code)]
+
 /// Android Keystore token storage via JNI.
 ///
 /// Tokens are serialised to JSON, encrypted with AES-256/GCM/NoPadding using a

solitaire_data/src/lib.rs

@@ -58,7 +58,7 @@ pub trait SyncProvider: Send + Sync {
     /// so backends without a server (e.g. `LocalOnlyProvider`) are
     /// silently no-op'd by the engine's push-on-win system, matching
     /// the same pattern `pull` / `push` follow.
-    async fn push_replay(&self, _replay: &crate::replay::Replay) -> Result<String, SyncError> {
+    async fn push_replay(&self, _replay: &Replay) -> Result<String, SyncError> {
         Err(SyncError::UnsupportedPlatform)
     }
 }
@@ -94,7 +94,7 @@ impl SyncProvider for Box<dyn SyncProvider + Send + Sync> {
     async fn delete_account(&self) -> Result<(), SyncError> {
         (**self).delete_account().await
     }
-    async fn push_replay(&self, replay: &crate::replay::Replay) -> Result<String, SyncError> {
+    async fn push_replay(&self, replay: &Replay) -> Result<String, SyncError> {
         (**self).push_replay(replay).await
     }
 }