v1.2.0 — Linux Flasher, Kali Creator, fixed flashing & counterfeit detection

New features:
- Linux Flasher tab: download+decompress+flash pipeline for RPi OS, Ubuntu,
  Debian, Fedora, Kali, DietPi, Alpine, Arch ARM with built-in image catalog
- Kali Creator tab: 4 sub-tabs for USB/SD, VM creation, Docker/Podman
  container pulls, and cloud image downloads
- DownloadManager: async downloads with resume support and speed tracking
- Decompressor: streaming .xz (xz-embedded), .gz (zlib), .zip decompression
- ImageCatalog: built-in catalog + remote fetch from rpi-imager JSON endpoint
- SevenZipExtractor: QProcess wrapper for 7z.exe with progress parsing
- Bundled xz-embedded third-party library for native XZ decompression

Bug fixes:
- Fixed VirtualDisk::flashToDisk() — added FSCTL_ALLOW_EXTENDED_DASD_IO,
  FSCTL_LOCK_VOLUME, FSCTL_DISMOUNT_VOLUME, 32MB aligned buffers,
  WriteFile retry logic (3 attempts), FlushFileBuffers before close
- Fixed VirtualDisk::captureFromDisk() with same improvements
- Fixed ImagingTab::onFlashIso() — now populates targetVolumeLetters from
  disk snapshot so IsoFlasher can properly lock/dismount volumes
- Fixed SD card counterfeit detection false positives:
  - Changed from write-one-read-one to write-all-then-read-all algorithm
    to properly detect NAND address wrapping on fake cards
  - Added volume lock/dismount before probing to prevent filesystem
    interference (journal writes, metadata updates)
  - Added FSCTL_ALLOW_EXTENDED_DASD_IO for probes near end of disk
  - Fixed overly aggressive vendor string check — USB card readers
    legitimately report "USB"/"Mass Storage", no longer flagged
  - Added handle re-open between write and verify phases to defeat
    USB reader hardware cache
- README: documented how to unlock the secret menu, added new feature docs

cmake/GenerateKey.cmake

@@ -1,10 +1,12 @@
 # GenerateKey.cmake — Build-time 1337-bit key generation
 # Compiles and runs the keygen tool to produce:
 #   1. generated/EmbeddedKey.h (compiled into the app)
-#   2. resources/garbage.xtx   (distributed read-only alongside the app)
+#   2. resources/garbage.xtx   (distributed alongside the app)
+#
+# garbage.xtx is regenerated on EVERY build — it is unique to each build
+# and must match the EmbeddedKey.h baked into that specific binary.
 
 set(KEYGEN_SOURCE "${CMAKE_SOURCE_DIR}/tools/keygen.cpp")
-set(KEYGEN_BINARY "${CMAKE_BINARY_DIR}/tools/keygen${CMAKE_EXECUTABLE_SUFFIX}")
 set(GENERATED_DIR "${CMAKE_BINARY_DIR}/generated")
 set(GENERATED_KEY_HEADER "${GENERATED_DIR}/EmbeddedKey.h")
 set(GARBAGE_XTX "${CMAKE_SOURCE_DIR}/resources/garbage.xtx")
@@ -12,7 +14,7 @@ set(GARBAGE_XTX "${CMAKE_SOURCE_DIR}/resources/garbage.xtx")
 file(MAKE_DIRECTORY ${GENERATED_DIR})
 file(MAKE_DIRECTORY "${CMAKE_BINARY_DIR}/tools")
 
-# Step 1: Compile keygen tool (runs on host at configure/build time)
+# Step 1: Compile keygen tool
 add_executable(spw_keygen EXCLUDE_FROM_ALL "${KEYGEN_SOURCE}")
 if(WIN32)
     target_link_libraries(spw_keygen PRIVATE bcrypt)
@@ -21,13 +23,12 @@ set_target_properties(spw_keygen PROPERTIES
     RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/tools"
 )
 
-# Step 2: Run keygen to produce header + garbage.xtx
-add_custom_command(
-    OUTPUT "${GENERATED_KEY_HEADER}" "${GARBAGE_XTX}"
-    COMMAND spw_keygen "${GENERATED_KEY_HEADER}" "${GARBAGE_XTX}"
-    DEPENDS spw_keygen "${KEYGEN_SOURCE}"
-    COMMENT "Generating 1337-bit cryptographic key and garbage.xtx..."
+# Step 2: Always-run target — regenerates both EmbeddedKey.h and garbage.xtx
+# every build so the key and .xtx file are always in sync with the binary.
+# Using add_custom_target (not add_custom_command) so it runs unconditionally.
+add_custom_target(generate_key ALL
+    COMMAND $<TARGET_FILE:spw_keygen> "${GENERATED_KEY_HEADER}" "${GARBAGE_XTX}"
+    DEPENDS spw_keygen
+    COMMENT "Generating build-specific 1337-bit key and garbage.xtx..."
     VERBATIM
 )
-
-add_custom_target(generate_key DEPENDS "${GENERATED_KEY_HEADER}" "${GARBAGE_XTX}")