chore: add pedantic workspace lints (#90)

Add [workspace.lints.rust] and wire each member crate up with
[lints] workspace = true:

  unsafe_code = "deny"        (forbid would break the Android JNI build)
  single_use_lifetimes = "warn"
  trivial_casts = "warn"
  unused_lifetimes = "warn"
  unused_qualifications = "warn"
  variant_size_differences = "warn"
  unexpected_cfgs = "warn"

unsafe_code is "deny" rather than the issue's "forbid" so the three
Android JNI FFI modules (android_keystore, android_clipboard, safe_area)
can opt back in with a scoped #![allow(unsafe_code)] — forbid cannot be
locally overridden. Pure crates carry no unsafe and stay clean.

Clean up the warnings the new lints surface:
- 150ish unused_qualifications removed via `cargo fix` (purely syntactic
  redundant-path-prefix removals).
- table_plugin: the TABLE_COLOUR import was #[cfg(test)]-gated while the
  camera clear-colour used the fully-qualified path; unqualifying it left
  a non-test build with no import. Made the import unconditional instead.
- assets/sources: the `as &[u8]` casts in embed_*_svg! coerce each
  fixed-size &[u8; N] to a uniform slice so the tuples fit the
  &[(&str, &[u8])] arrays — load-bearing, so scoped #[allow(trivial_casts)].

Workspace clippy -D warnings and the full test suite pass. Android build
not compiled here (needs the NDK; built separately per CLAUDE.md §15) —
the deny + scoped-allow keeps the JNI unsafe blocks legal.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

solitaire_engine/src/theme/importer.rs

@@ -236,7 +236,7 @@ pub fn import_theme_into(zip_path: &Path, target_root: &Path) -> Result<ThemeId,
 /// Sums every entry's declared uncompressed size and rejects archives
 /// that overflow [`MAX_ARCHIVE_BYTES`]. Iterates the central
 /// directory only — does not actually decompress anything.
-fn enforce_archive_size_limit<R: io::Read + io::Seek>(
+fn enforce_archive_size_limit<R: Read + io::Seek>(
     archive: &mut zip::ZipArchive<R>,
 ) -> Result<(), ImportError> {
     let mut total: u64 = 0;
@@ -257,7 +257,7 @@ fn enforce_archive_size_limit<R: io::Read + io::Seek>(
 /// (after normalisation) escapes its root. Catches `..`, absolute
 /// paths, drive prefixes on Windows, and the awkward case where
 /// `enclosed_name` returns `None` because the entry is suspicious.
-fn enforce_zip_slip_safe<R: io::Read + io::Seek>(
+fn enforce_zip_slip_safe<R: Read + io::Seek>(
     archive: &mut zip::ZipArchive<R>,
 ) -> Result<(), ImportError> {
     for i in 0..archive.len() {
@@ -291,7 +291,7 @@ fn is_safe_relative_path(p: &Path) -> bool {
 ///   `theme.ron` entry at its root.
 /// - [`ImportError::ManifestParse`] when the bytes don't form valid
 ///   RON for `ThemeManifest`.
-fn read_manifest<R: io::Read + io::Seek>(
+fn read_manifest<R: Read + io::Seek>(
     archive: &mut zip::ZipArchive<R>,
 ) -> Result<ThemeManifest, ImportError> {
     // We can't use `?` directly across `by_name` because a missing
@@ -318,7 +318,7 @@ fn read_manifest<R: io::Read + io::Seek>(
 ///
 /// Returns [`ImportError::MissingFile`] when the archive has no entry
 /// matching the path.
-fn read_archive_entry<R: io::Read + io::Seek>(
+fn read_archive_entry<R: Read + io::Seek>(
     archive: &mut zip::ZipArchive<R>,
     path: &Path,
 ) -> Result<Vec<u8>, ImportError> {
@@ -351,7 +351,7 @@ fn archive_key(path: &Path) -> String {
 /// parent directories as needed. The destination path is rebuilt from
 /// the safe components we already vetted in
 /// [`enforce_zip_slip_safe`], not from the raw entry name.
-fn write_archive_entry<R: io::Read + io::Seek>(
+fn write_archive_entry<R: Read + io::Seek>(
     archive: &mut zip::ZipArchive<R>,
     name: &str,
     staging: &Path,
@@ -384,7 +384,7 @@ fn write_archive_entry<R: io::Read + io::Seek>(
 
 /// Variant of [`write_archive_entry`] keyed by `Path` for the
 /// manifest-declared face/back paths.
-fn write_archive_entry_pathbuf<R: io::Read + io::Seek>(
+fn write_archive_entry_pathbuf<R: Read + io::Seek>(
     archive: &mut zip::ZipArchive<R>,
     path: &Path,
     staging: &Path,