Wire EncryptedBackend into database init #591

@praveenperera

Integrate EncryptedBackend into database startup with detection, migration triggering, and .bak cleanup.

Startup sequence:

  1. Check for interrupted migration: if .bak and .enc.tmp exist → resume (finish rename)
  2. Detect if DB is encrypted via EncryptedBackend::is_encrypted(path)
    • Encrypted: open with EncryptedBackend using Sensitive Data Key
    • Plaintext: open without encryption (legacy, pre-master-key)
  3. If encrypted DB opened successfully and .bak exists → delete .bak
  4. If migration needed (master key exists but DB is still plaintext) → run migration → restart DB init

Integration points:

  • database.rs:get_or_create_main_database() — add encrypted path
  • database/wallet_data.rs:get_or_create_database() — add encrypted path
  • Both functions gain an Option<[u8; 32]> key parameter: None → plaintext (backwards compatible), Some(key) → open/create with EncryptedBackend

Files: rust/src/database.rs, rust/src/database/wallet_data.rs
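
The startup sequence above can be modelled as a pure decision function. This is an added sketch, not code from the issue or the project: `DbFile`, `StartupState`, `Step` and `plan_startup` are hypothetical names. Refusing to open an encrypted file without a key, and never deleting `.bak` on behalf of a freshly created file, are assumptions the issue does not state.

```rust
// Added illustration: every name below is hypothetical, not the project's code.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum DbFile { Missing, Plaintext, Encrypted }

// Deliberately no Debug derive: the struct holds key material.
#[derive(Clone, Copy)]
pub struct StartupState {
    pub db: DbFile,            // outcome of an is_encrypted-style probe of the main file
    pub bak: bool,             // <db>.bak is present
    pub enc_tmp: bool,         // <db>.enc.tmp is present
    pub key: Option<[u8; 32]>, // None = no master key yet
}

#[derive(PartialEq, Eq, Debug)]
pub enum Step {
    ResumeMigration,                          // finish the rename, then plan again
    OpenEncrypted { delete_bak_after: bool }, // drop .bak only once the open succeeds
    OpenPlaintext,                            // legacy, pre-master-key
    Migrate,                                  // encrypt, then restart DB init
    RefuseNoKey,                              // assumption: fail closed
}

pub fn plan_startup(s: &StartupState) -> Step {
    // Step 1 comes first: both leftovers together mean the rename never finished.
    if s.bak && s.enc_tmp {
        return Step::ResumeMigration;
    }
    match (s.db, s.key.is_some()) {
        // Steps 2-3: encrypted file plus key; .bak is removed after a good open.
        (DbFile::Encrypted, true) => Step::OpenEncrypted { delete_bak_after: s.bak },
        // Some(key) also creates; assumption: a new file never triggers .bak cleanup.
        (DbFile::Missing, true) => Step::OpenEncrypted { delete_bak_after: false },
        // Assumption: ciphertext without a key is an error, never a plaintext open.
        (DbFile::Encrypted, false) => Step::RefuseNoKey,
        // Step 4: master key exists but the file is still plaintext.
        (DbFile::Plaintext, true) => Step::Migrate,
        // No key and nothing encrypted: backwards-compatible plaintext path.
        (DbFile::Plaintext, false) | (DbFile::Missing, false) => Step::OpenPlaintext,
    }
}

fn main() {
    // Constructed state: a crash left both .bak and .enc.tmp next to the database.
    let s = StartupState { db: DbFile::Plaintext, bak: true, enc_tmp: true, key: Some([0u8; 32]) };
    println!("{:?}", plan_startup(&s));
}
```

Keeping the decision separate from the file operations lets each combination of leftover files be unit-tested without touching disk.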

Labels: cspp:phase:2 (CSPP Phase 2: Master Key Infrastructure & Local Encryption)