fix(core): disable HOTP with clear error (audit I6)

HOTP requires incrementing and persisting the counter after each use.
Without vault-save machinery in compute_totp_code, HOTP would desync
immediately. Now returns HotpNotSupported error.

TOTP and Steam codes continue to work.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

crates/relicario-core/src/error.rs

@@ -109,6 +109,12 @@ pub enum RelicarioError {
     /// rotating the passphrase or reference image.
     #[error("device key error: {0}")]
     DeviceKey(String),
+
+    /// HOTP requires incrementing and persisting the counter after each use.
+    /// Without vault-save machinery in compute_totp_code, HOTP would desync
+    /// immediately. Use TOTP instead.
+    #[error("HOTP is not supported: counter persistence requires vault save after each use")]
+    HotpNotSupported,
 }
 
 /// Crate-wide result alias, reducing boilerplate in function signatures.