Step 17: Encryption core — passphrase-only, selective per-file.

Manifest schema: Entry gains Encrypted, PlaintextHash fields.
Manifest gains Encryption section with KekSlots map (passphrase slot
with Argon2id params, salt, and wrapped DEK as base64).

garden/encrypt.go: EncryptInit (generate DEK, wrap with passphrase KEK),
UnlockDEK (derive KEK, unwrap), encryptBlob/decryptBlob using
XChaCha20-Poly1305 with random 24-byte nonces.

Modified operations:
- Add: optional encrypt flag, stores encrypted blob + plaintext_hash
- Checkpoint: detects changes via plaintext_hash, re-encrypts
- Restore: decrypts encrypted blobs before writing
- Diff: decrypts stored blob before comparing
- Status: compares against plaintext_hash for encrypted entries

10 tests covering init, persistence, unlock, add-encrypted, restore
round-trip, checkpoint, status, diff, requires-DEK guard.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

garden/diff.go

@@ -33,6 +33,16 @@ func (g *Garden) Diff(path string) (string, error) {
 		return "", fmt.Errorf("reading stored blob: %w", err)
 	}
 
+	if entry.Encrypted {
+		if g.dek == nil {
+			return "", fmt.Errorf("DEK not unlocked; cannot diff encrypted file %s", tilded)
+		}
+		stored, err = g.decryptBlob(stored)
+		if err != nil {
+			return "", fmt.Errorf("decrypting stored blob: %w", err)
+		}
+	}
+
 	current, err := os.ReadFile(abs)
 	if err != nil {
 		return "", fmt.Errorf("reading current file: %w", err)