chore(core): clean up Plan 1A clippy warnings

Auto-deref at &Zeroizing<[u8;32]> call sites, range pattern in generators,
useless String::into conversions in tests, unused Zeroizing import.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

crates/idfoto-core/src/attachment.rs

@@ -73,7 +73,7 @@ pub fn encrypt_attachment(
         });
     }
     let id = AttachmentId::from_plaintext(plaintext);
-    let bytes = encrypt(&**master_key, plaintext)?;
+    let bytes = encrypt(master_key, plaintext)?;
     Ok(EncryptedAttachment { id, bytes })
 }
 
@@ -87,7 +87,7 @@ pub fn decrypt_attachment(
     encrypted: &[u8],
     master_key: &Zeroizing<[u8; 32]>,
 ) -> Result<Zeroizing<Vec<u8>>> {
-    let plaintext = decrypt(&**master_key, encrypted)?;
+    let plaintext = decrypt(master_key, encrypted)?;
     Ok(Zeroizing::new(plaintext))
 }
 

crates/idfoto-core/src/generators.rs

@@ -76,7 +76,7 @@ pub fn generate_passphrase(req: &GeneratorRequest) -> Result<Zeroizing<String>>
 }
 
 fn bip39_passphrase(word_count: u32, separator: &str, cap: Capitalization) -> Result<Zeroizing<String>> {
-    if !matches!(word_count, 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12) {
+    if !matches!(word_count, 3..=12) {
         return Err(IdfotoError::Format("word_count must be 3..=12".into()));
     }
     // bip39 v2 requires entropy 128–256 bits in multiples of 32 bits (4 bytes).

crates/idfoto-core/src/item.rs

@@ -450,7 +450,7 @@ mod tests {
         item.sections.push(Section { name: None, fields: vec![f] });
 
         for i in 1..=5 {
-            item.set_field_value(&fid, FieldValue::Password(Zeroizing::new(format!("v{i}").into()))).unwrap();
+            item.set_field_value(&fid, FieldValue::Password(Zeroizing::new(format!("v{i}")))).unwrap();
         }
         assert_eq!(item.field_history[&fid].len(), 5);
 
@@ -473,7 +473,7 @@ mod tests {
         let now = 1_000_000_000;
         item.field_history.insert(fid.clone(), vec![
             FieldHistoryEntry { value: Zeroizing::new("old".into()),    replaced_at: now - 100 * 86_400 },
-            FieldHistoryEntry { value: Zeroizing::new("recent".into()), replaced_at: now -   1 * 86_400 },
+            FieldHistoryEntry { value: Zeroizing::new("recent".into()), replaced_at: now - 86_400 },
         ]);
 
         item.prune_history(&HistoryRetention::Days(30), now);

crates/idfoto-core/src/item_types/mod.rs

@@ -102,7 +102,6 @@ mod tests {
 
     #[test]
     fn item_core_round_trips_for_all_seven_types() {
-        use zeroize::Zeroizing;
         use crate::ids::AttachmentId;
 
         let cores = vec![

crates/idfoto-core/src/vault.rs

@@ -16,11 +16,11 @@ use crate::settings::VaultSettings;
 pub fn encrypt_item(item: &Item, master_key: &Zeroizing<[u8; 32]>) -> Result<Vec<u8>> {
     let json = serde_json::to_vec(item)?;
     let plaintext = Zeroizing::new(json);
-    encrypt(&**master_key, plaintext.as_slice())
+    encrypt(master_key, plaintext.as_slice())
 }
 
 pub fn decrypt_item(encrypted: &[u8], master_key: &Zeroizing<[u8; 32]>) -> Result<Item> {
-    let plaintext = decrypt(&**master_key, encrypted)?;
+    let plaintext = decrypt(master_key, encrypted)?;
     let plaintext = Zeroizing::new(plaintext);
     let item: Item = serde_json::from_slice(&plaintext)?;
     Ok(item)
@@ -29,11 +29,11 @@ pub fn decrypt_item(encrypted: &[u8], master_key: &Zeroizing<[u8; 32]>) -> Resul
 pub fn encrypt_manifest(manifest: &Manifest, master_key: &Zeroizing<[u8; 32]>) -> Result<Vec<u8>> {
     let json = serde_json::to_vec(manifest)?;
     let plaintext = Zeroizing::new(json);
-    encrypt(&**master_key, plaintext.as_slice())
+    encrypt(master_key, plaintext.as_slice())
 }
 
 pub fn decrypt_manifest(encrypted: &[u8], master_key: &Zeroizing<[u8; 32]>) -> Result<Manifest> {
-    let plaintext = decrypt(&**master_key, encrypted)?;
+    let plaintext = decrypt(master_key, encrypted)?;
     let plaintext = Zeroizing::new(plaintext);
     let manifest: Manifest = serde_json::from_slice(&plaintext)?;
     Ok(manifest)
@@ -42,11 +42,11 @@ pub fn decrypt_manifest(encrypted: &[u8], master_key: &Zeroizing<[u8; 32]>) -> R
 pub fn encrypt_settings(settings: &VaultSettings, master_key: &Zeroizing<[u8; 32]>) -> Result<Vec<u8>> {
     let json = serde_json::to_vec(settings)?;
     let plaintext = Zeroizing::new(json);
-    encrypt(&**master_key, plaintext.as_slice())
+    encrypt(master_key, plaintext.as_slice())
 }
 
 pub fn decrypt_settings(encrypted: &[u8], master_key: &Zeroizing<[u8; 32]>) -> Result<VaultSettings> {
-    let plaintext = decrypt(&**master_key, encrypted)?;
+    let plaintext = decrypt(master_key, encrypted)?;
     let plaintext = Zeroizing::new(plaintext);
     let settings: VaultSettings = serde_json::from_slice(&plaintext)?;
     Ok(settings)

crates/idfoto-core/tests/field_history.rs

@@ -37,7 +37,7 @@ fn prune_last_n_keeps_most_recent() {
     let fid = f.id.clone();
     item.sections.push(Section { name: None, fields: vec![f] });
     for i in 1..=10 {
-        item.set_field_value(&fid, FieldValue::Password(Zeroizing::new(format!("v{i}").into()))).unwrap();
+        item.set_field_value(&fid, FieldValue::Password(Zeroizing::new(format!("v{i}")))).unwrap();
     }
     item.prune_history(&HistoryRetention::LastN(3), 0);
     let hist = &item.field_history[&fid];

crates/idfoto-core/tests/format_v2.rs

@@ -20,7 +20,7 @@ fn version_byte_is_2() {
 fn fresh_ciphertext_starts_with_0x02() {
     let key = Zeroizing::new([0u8; 32]);
     // encrypt(key: &[u8; 32], plaintext: &[u8])
-    let ct = encrypt(&*key, b"hello").unwrap();
+    let ct = encrypt(&key, b"hello").unwrap();
     assert_eq!(ct[0], 0x02);
 }
 
@@ -31,7 +31,7 @@ fn v1_blob_is_rejected_with_unsupported_format_version() {
     blob.extend_from_slice(&[0u8; 24 + 16]);
     let key = Zeroizing::new([0u8; 32]);
     // decrypt(key: &[u8; 32], data: &[u8])
-    let err = decrypt(&*key, &blob);
+    let err = decrypt(&key, &blob);
     match err {
         Err(IdfotoError::UnsupportedFormatVersion { found, expected }) => {
             assert_eq!(found, 0x01);