feat: Migrate binary settings to json (#920)

## Summary

* This PR introduces a migration from binary file storage to JSON-based
storage for application settings, state, and various credential stores.
This improves readability, maintainability, and allows for easier manual
configuration editing.
* Benefits:
  - Settings files are now JSON and can be easily read/edited manually
  - Easier to inspect application state and settings during development
  - JSON structure is more flexible for future changes
* Drawback: around 15k of additional flash usage
* Compatibility: Seamless migration preserves existing user data

## Additional Context
1. New JSON I/O Infrastructure files:
- JsonSettingsIO: Core JSON serialization/deserialization logic using
ArduinoJson library
- ObfuscationUtils: XOR-based password obfuscation for sensitive data
2. Migrated Components (now use JSON storage with automatic binary
migration):
     - CrossPointSettings (settings.json): Main application settings
- CrossPointState (state.json): Application state (open book, sleep
mode, etc.)
- WifiCredentialStore (wifi.json): WiFi network credentials (Password
Obfuscation: Sensitive data like WiFi passwords, uses XOR encryption
with fixed keys. Note: This is obfuscation, not cryptographic security -
passwords can be recovered with the key)
- KOReaderCredentialStore (koreader.json): KOReader sync credentials
     - RecentBooksStore (recent.json): Recently opened books list
3. Migration Logic
     - Forward Compatibility: New installations use JSON format
- Backward Compatibility: Existing binary files are automatically
migrated to JSON on first load
- Backup Safety: Original binary files are renamed with .bak extension
after successful migration
- Fallback Handling: If JSON parsing fails, system falls back to binary
loading
4. Infrastructure Updates
     - HalStorage: Added rename() method for backup operations

---

### AI Usage

While CrossPoint doesn't have restrictions on AI tools in contributing,
please be transparent about their usage as it
helps set the right context for reviewers.

Did you use AI tools to help write this code? _** YES**_

---------

Co-authored-by: Dave Allie <dave@daveallie.com>

src/WifiCredentialStore.h

@@ -4,13 +4,20 @@
 
 struct WifiCredential {
   std::string ssid;
-  std::string password;  // Stored obfuscated in file
+  std::string password;  // Plaintext in memory; obfuscated with hardware key on disk
 };
 
+class WifiCredentialStore;
+namespace JsonSettingsIO {
+bool saveWifi(const WifiCredentialStore& store, const char* path);
+bool loadWifi(WifiCredentialStore& store, const char* json, bool* needsResave);
+}  // namespace JsonSettingsIO
+
 /**
  * Singleton class for storing WiFi credentials on the SD card.
- * Credentials are stored in /sd/.crosspoint/wifi.bin with basic
- * XOR obfuscation to prevent casual reading (not cryptographically secure).
+ * Passwords are XOR-obfuscated with the device's unique hardware MAC address
+ * and base64-encoded before writing to JSON (not cryptographically secure,
+ * but prevents casual reading and ties credentials to the specific device).
  */
 class WifiCredentialStore {
  private:
@@ -23,8 +30,10 @@ class WifiCredentialStore {
   // Private constructor for singleton
   WifiCredentialStore() = default;
 
-  // XOR obfuscation (symmetric - same for encode/decode)
-  void obfuscate(std::string& data) const;
+  bool loadFromBinaryFile();
+
+  friend bool JsonSettingsIO::saveWifi(const WifiCredentialStore&, const char*);
+  friend bool JsonSettingsIO::loadWifi(WifiCredentialStore&, const char*, bool*);
 
  public:
   // Delete copy constructor and assignment