feat(android): wire Android Keystore JNI via OnceLock

Remove the dependency on bevy::android::ANDROID_APP inside
android_keystore.rs. Instead, solitaire_data owns a process-wide
OnceLock<JavaVM> initialised by a new pub fn init_android_jvm().
solitaire_app calls it from android_main before run() so JNI is
ready before any auth-token operation can execute.

- android_keystore: drop ANDROID_APP import; add ANDROID_JVM OnceLock
  and init_android_jvm(vm_ptr: *mut c_void)
- solitaire_data/lib.rs: re-export init_android_jvm for android target
- auth_tokens.rs: update doc comment (Android backend is now complete)
- solitaire_app/lib.rs: call init_android_jvm from android_main

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

solitaire_data/src/auth_tokens.rs

@@ -14,15 +14,13 @@
 //! the Bevy `App`). If no default store is set, all operations in this module
 //! will return [`TokenError::KeychainUnavailable`].
 //!
-//! # Android stub
+//! # Android
 //!
 //! `keyring-core` cannot compile for the android target (its `rpassword`
 //! transitive dep uses `libc::__errno_location`, which Android's bionic
-//! doesn't expose). On Android every function in this module returns
-//! [`TokenError::KeychainUnavailable`] so callers can detect the fallback
-//! the same way they handle a Linux box without Secret Service. The
-//! real Android backend will arrive in the Phase-Android round when we
-//! wire Android Keystore via JNI.
+//! doesn't expose). On Android this module delegates to an Android Keystore
+//! JNI backend. `solitaire_app` must call `solitaire_data::init_android_jvm`
+//! from Android startup before token operations can succeed.
 //!
 //! # Note: no unit tests — requires live OS keychain.