Add nextcloud-e2ee-verify CLI tool for offline E2EE metadata validation

[Copilot]

Adds a standalone command-line tool for offline validation of Nextcloud E2EE folder metadata (v2.0+ only). Takes a private key + certificate, decrypts and structurally validates metadata JSON without any server connection or running client.

Summary

src/cmd/e2ee_verify_metadata.cpp (new)

Sequential validation pipeline:

1. OCS envelope detection and unwrapping
2. Version guard — rejects < 2.0 immediately
3. Schema validation — required fields/types for root vs. nested folders
4. RSA-OAEP-SHA256 metadata key decryption via raw OpenSSL EVP, matched by certificate SHA-256 fingerprint
5. AES-128-GCM decrypt (tag = last 16 bytes) + gzip decompress using zlib
6. Decrypted inner JSON structure validation (files, folders, counter, keyChecksums, per-file fields)
7. Key checksum: SHA-256(key[0..15]) must appear in keyChecksums
8. Optional detached CMS/PKCS#7 signature verification, mirroring verifySignatureCryptographicMessageSyntax

Nested folder support via --nested --metadata-key <base64> (key inherited from root run).

No libsync/libp11 dependency — crypto is implemented directly with OpenSSL EVP + zlib + Qt::Network (QSslCertificate for cert fingerprinting).

src/cmd/CMakeLists.txt (modified)

Added nextcloud-e2ee-verify target inside if(NOT BUILD_LIBRARIES_ONLY), linking Qt::Core Qt::Network OpenSSL::Crypto ZLIB::ZLIB. No new find_package calls needed.

Checklist

• Sign-off message is added to all commits.
• The commit history is clean with no merge commits.
  • How to rebase your commits
  • How to squash commits with rebase
• Uploaded screenshots from before and after for UI changes.
• Documentation has been updated or is not required.
• Backports requested where applicable (critical bugfixes).
• Labels added where applicable (bug/enhancement).
• Milestone added for target version.

AI (if applicable)

• The content of this PR was partly or fully generated using AI