Stage 2 #1: SFTP destinations CRUD + connection test

Foundation for the move/quarantine pipeline. Lets users register one or
more remote SFTP destinations through the API, store credentials at rest
under /data/sftp/{id}.{password|key} (mode 600), and verify connectivity
+ write access via a test endpoint.

Endpoints:
  GET    /api/sftp/destinations
  POST   /api/sftp/destinations             — create
  PUT    /api/sftp/destinations/{id}        — update
  DELETE /api/sftp/destinations/{id}
  POST   /api/sftp/destinations/{id}/test   — connect, stat base_path, mkdir probe
  POST   /api/sftp/keypair                  — generate ED25519 keypair

Host keys pinned per-destination on first connect (TOFU); subsequent
mismatches are rejected. paramiko added to requirements.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

debian/build-deb.sh

@@ -13,7 +13,7 @@ BUILD_DIR="$REPO_ROOT/build/deb"
 
 # ── Config ────────────────────────────────────────────────────────────────────
 PKG_NAME="dupfinder"
-PKG_VERSION="1.0.11"
+PKG_VERSION="1.1.0"
 PKG_ARCH="amd64"
 DEB_FILE="${PKG_NAME}_${PKG_VERSION}_${PKG_ARCH}.deb"