[PM-28790] [PM-18938] Isolate decryption support for type 0 keys

[eligrubb]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-18938

📔 Objective

Isolates Type 0 key decryption to the master_key.rs:decrypt_user_key() flow. All other uses now raise new bitwarden-crypto error UnsupportedOperationError::DecryptionNotImplementedForKey.

This is another small step in deprecating use of legacy Type 0 keys in the sdk, see tech breakdown. Type 0 keys have been deprecated from active use for a long time, this continues the process of removing their functionality while still supporting master key decryption for old accounts.

Type 0-based encryption was already deprecated in a prior PR, this change isolates decryption. Prior work isolated clients to use only the master_key.rs:decrypt_user_key path (in TS clients, via PureCrypto.decrypt_user_key_with_master_key #465). Other uses of type 0 keys are expected to now throw an error.

🚨 Breaking Changes

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation
  team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
  issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[bitwarden-bot]

Thank you for your contribution! We've added this to our internal tracking system for review.
ID: PM-28790
Link: https://bitwarden.atlassian.net/browse/PM-28790

Details on our contribution process can be found here: https://contributing.bitwarden.com/contributing/pull-requests/community-pr-process.

[CLAassistant]

All committers have signed the CLA.

[codecov]

Codecov Report

❌ Patch coverage is 88.78505% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 79.56%. Comparing base (f75a58c) to head (3b7cd20).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
crates/bitwarden-crypto/src/store/context.rs	88.05%	8 Missing ⚠️
...rates/bitwarden-crypto/src/enc_string/symmetric.rs	77.77%	2 Missing ⚠️
crates/bitwarden-crypto/src/keys/master_key.rs	93.54%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #583      +/-   ##
==========================================
+ Coverage   79.51%   79.56%   +0.05%     
==========================================
  Files         302      302              
  Lines       32311    32403      +92     
==========================================
+ Hits        25691    25783      +92     
  Misses       6620     6620              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.