[PM-31112] Decouple local tools crypto from user key

[mzieniukbw]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-31112
Requires bitwarden/sdk-internal#829

📔 Objective

Decouples local tools crypto from direct use of user key into an indirect local user data key. Used by password generator history and email forwarders encryption.
This will allow for user key rotation without logout, since we just have to re-encrypt the local user data key with the new user key, without re-encrypting all other data.
The local user data key state is not exposed in SDK. For backwards compatibility the local user data key is user key wrapped user key - this allows us to use it as drop in replacement
The SDK's CryptoClient exposes two new WASM stop-gap functions for encryption with the local user data key - intended to be only used by tools at this moment.

📸 Screenshots

[github-actions]

Checkmarx One – Scan Summary & Details – 0f1fcc68-966f-47aa-9595-ab51cafafbfb

---

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Angular_Usage_of_Unsafe_DOM_Sanitizer	/libs/components/src/svg/svg.component.ts: 29

[codecov]

Codecov Report

❌ Patch coverage is 66.66667% with 13 lines in your changes missing coverage. Please review.
✅ Project coverage is 45.36%. Comparing base (0465bb2) to head (43187bb).
⚠️ Report is 60 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...s/history/src/legacy-password-history-decryptor.ts	25.00%	6 Missing ⚠️
...ommon/src/tools/cryptography/user-key-encryptor.ts	75.00%	4 Missing ⚠️
libs/importer/src/components/importer-providers.ts	0.00%	1 Missing ⚠️
...ons/history/src/local-generator-history.service.ts	83.33%	1 Missing ⚠️
...y/src/create-legacy-password-generation-service.ts	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #19433      +/-   ##
==========================================
- Coverage   45.37%   45.36%   -0.01%     
==========================================
  Files        3764     3764              
  Lines      110625   110617       -8     
  Branches    16818    16821       +3     
==========================================
- Hits        50191    50181      -10     
- Misses      58227    58230       +3     
+ Partials     2207     2206       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[mzieniukbw]

Looks like we can't use sdk-managed state. Need to make change to SDK first.

[dani-garcia]

Platform changes lgtm

[mcamirault]

Tools changes still look good

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
9.6% Duplication on New Code

See analysis details on SonarQube Cloud

[bw-ghapp]

Changes in this PR impact the Autofill experience of the browser client

BIT has tested the core experience with these changes and all feature flags disabled.

✅ Fortunately, these BIT tests have passed! 🎉

[bw-ghapp]

Changes in this PR impact the Autofill experience of the browser client

BIT has tested the core experience with these changes and the feature flag configuration used by vault.bitwarden.com.

✅ Fortunately, these BIT tests have passed! 🎉