Security: Credentials stored in plaintext on disk

## Summary

Database passwords and AI API keys are stored as plaintext JSON files in the app data directory.

## Affected Files

### Database credentials
- **src-tauri/src/db/store.rs** (lines 14-29): `ConnectionStore::save()` writes `connections.json` via `serde_json::to_string_pretty`
- **src-tauri/src/db/connections.rs**: `ConnectionConfig` has `password: String` and `dbservice_api_key: String`

### AI API keys
- **src-tauri/src/ai/store.rs** (lines 26-31): `AiProviderStore::save()` writes `ai_providers.json` in plaintext
- **src-tauri/src/ai/provider.rs**: `AiProviderConfig` has `api_key: String`

## Location on disk

- Linux: ~/.config/sqail/connections.json, ~/.config/sqail/ai_providers.json
- macOS: ~/Library/Application Support/dev.sqail/
- Windows: %APPDATA%\dev.sqail\

## Risk

Any process or user with filesystem access to the app data directory can read all stored credentials — malware, other apps, backup tools, cloud sync.

## Remediation

Use OS-native secure storage via the Rust [keyring](https://crates.io/crates/keyring) crate:
- **macOS**: Keychain
- **Windows**: Credential Manager
- **Linux**: libsecret / GNOME Keyring

Store only secret values (passwords, API keys) in the keyring; keep non-sensitive config in JSON.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: Credentials stored in plaintext on disk #18

Summary

Affected Files

Database credentials

AI API keys

Location on disk

Risk

Remediation

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Security: Credentials stored in plaintext on disk #18

Description

Summary

Affected Files

Database credentials

AI API keys

Location on disk

Risk

Remediation

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions