Use mcdsl/terminal for all password prompts

Replace direct golang.org/x/term calls with mcdsl/terminal across init,
unseal, migrate-aad, and migrate-barrier commands. Seal password prompts
use ReadPasswordBytes to preserve zeroization capability.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

cmd/metacrypt/init.go

@@ -5,11 +5,10 @@ import (
 	"fmt"
 	"log/slog"
 	"os"
-	"syscall"
 
 	"github.com/spf13/cobra"
-	"golang.org/x/term"
 
+	"git.wntrmute.dev/mc/mcdsl/terminal"
 	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
 	"git.wntrmute.dev/mc/metacrypt/internal/config"
 	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
@@ -59,16 +58,12 @@ func runInit(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("already initialized")
 	}
 
-	fmt.Print("Enter seal password: ")
-	pw1, err := term.ReadPassword(int(syscall.Stdin))
-	fmt.Println()
+	pw1, err := terminal.ReadPasswordBytes("Enter seal password: ")
 	if err != nil {
 		return fmt.Errorf("reading password: %w", err)
 	}
 
-	fmt.Print("Confirm seal password: ")
-	pw2, err := term.ReadPassword(int(syscall.Stdin))
-	fmt.Println()
+	pw2, err := terminal.ReadPasswordBytes("Confirm seal password: ")
 	if err != nil {
 		return fmt.Errorf("reading password: %w", err)
 	}

cmd/metacrypt/migrate_aad.go

@@ -4,12 +4,10 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
-	"os"
-	"syscall"
 
 	"github.com/spf13/cobra"
-	"golang.org/x/term"
 
+	"git.wntrmute.dev/mc/mcdsl/terminal"
 	"git.wntrmute.dev/mc/metacrypt/internal/config"
 	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
 	"git.wntrmute.dev/mc/metacrypt/internal/db"
@@ -52,9 +50,7 @@ func runMigrateAAD(cmd *cobra.Command, args []string) error {
 	defer func() { _ = database.Close() }()
 
 	// Read unseal password.
-	fmt.Fprint(os.Stderr, "Unseal password: ")
-	passwordBytes, err := term.ReadPassword(int(syscall.Stdin))
-	fmt.Fprintln(os.Stderr)
+	passwordBytes, err := terminal.ReadPasswordBytes("Unseal password: ")
 	if err != nil {
 		return fmt.Errorf("read password: %w", err)
 	}

cmd/metacrypt/migrate_barrier.go

@@ -4,12 +4,10 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
-	"os"
-	"syscall"
 
 	"github.com/spf13/cobra"
-	"golang.org/x/term"
 
+	"git.wntrmute.dev/mc/mcdsl/terminal"
 	"git.wntrmute.dev/mc/metacrypt/internal/barrier"
 	"git.wntrmute.dev/mc/metacrypt/internal/config"
 	"git.wntrmute.dev/mc/metacrypt/internal/crypto"
@@ -62,9 +60,7 @@ func runMigrateBarrier(cmd *cobra.Command, args []string) error {
 	}
 
 	// Read unseal password.
-	fmt.Fprint(os.Stderr, "Unseal password: ")
-	passwordBytes, err := term.ReadPassword(int(syscall.Stdin))
-	fmt.Fprintln(os.Stderr)
+	passwordBytes, err := terminal.ReadPasswordBytes("Unseal password: ")
 	if err != nil {
 		return fmt.Errorf("read password: %w", err)
 	}

cmd/metacrypt/unseal.go

@@ -11,10 +11,10 @@ import (
 	"os"
 
 	"github.com/spf13/cobra"
-	"golang.org/x/term"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 
+	"git.wntrmute.dev/mc/mcdsl/terminal"
 	metacryptv1 "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v1"
 )
 
@@ -43,17 +43,15 @@ func runUnseal(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("one of --grpc-addr or --addr is required")
 	}
 
-	fmt.Print("Unseal password: ")
-	passwordBytes, err := term.ReadPassword(int(os.Stdin.Fd())) //nolint:gosec
-	fmt.Println()
+	password, err := terminal.ReadPassword("Unseal password: ")
 	if err != nil {
 		return fmt.Errorf("read password: %w", err)
 	}
 
 	if unsealGRPCAddr != "" {
-		return unsealViaGRPC(unsealGRPCAddr, unsealCACert, string(passwordBytes))
+		return unsealViaGRPC(unsealGRPCAddr, unsealCACert, password)
 	}
-	return unsealViaREST(unsealAddr, unsealCACert, string(passwordBytes))
+	return unsealViaREST(unsealAddr, unsealCACert, password)
 }
 
 func buildTLSConfig(caCertPath string) (*tls.Config, error) {