v0.2.0: Deep forensic scanner, honeypots, duress system, anti-forensics hardening

New modules:
- Deep forensic scanner (MVT-style): background + on-demand full analysis
  SMS/call log/browser/dumpsys/battery/cert store/logcat/data usage
- Anti-forensics hardening: 15 measures (USB, ADB, logging, memory, TRIM)
- Duress/panic trigger: power button sequence, duress PIN, CLI panic
- SMS honeypot: fake GPS location spoofing on silent SMS detection
- App permissions honeypot: audit dangerous combos, revoke, sandbox,
  feed fake data to spyware apps
- IOC auto-updater: scheduled updates from backend or git sources (WIP)

Fixes:
- Removed SKIPUNZIP=1 (fixes module.prop OS error 2)
- Deferred FrostGuard baseline to first boot (no more install hang)
- Added volume key selection for FrostGuard and initial scan during install

service.sh

@@ -36,6 +36,26 @@ WRAPPER
     chmod 755 /data/local/tmp/vigil
 }
 
+# Generate file integrity baseline if needed (deferred from install)
+if [ -f "$VIGIL_DATA/.needs_baseline" ]; then
+    log_vigil "Generating file integrity baseline in background..."
+    (
+        "$MODDIR/vigil/lib/integrity.sh" baseline >> "$VIGIL_LOG" 2>&1
+        rm -f "$VIGIL_DATA/.needs_baseline"
+        log_vigil "File integrity baseline complete"
+    ) &
+fi
+
+# Run deferred threat scan if requested during install
+if [ -f "$VIGIL_DATA/.needs_scan" ]; then
+    log_vigil "Running deferred threat scan in background..."
+    (
+        "$MODDIR/vigil/lib/scanner.sh" quick >> "$VIGIL_LOG" 2>&1
+        rm -f "$VIGIL_DATA/.needs_scan"
+        log_vigil "Deferred threat scan complete"
+    ) &
+fi
+
 # Start the main daemon
 log_vigil "Starting vigild daemon"
 nohup "$VIGIL_BIN/vigild" >> "$VIGIL_LOG" 2>&1 &