Migrate from .NET MAUI to Expo + Convex

Complete rewrite of Scry using TypeScript stack:

- Expo/React Native with Expo Router (file-based routing)
- Convex backend (serverless functions + real-time database)
- Adaptive camera system (expo-camera in Expo Go, Vision Camera in production)
- React Native Skia + fast-opencv for image processing
- GDPR-compliant auth setup with Zitadel OIDC (pending configuration)

Key features:
- Card recognition pipeline ported to TypeScript
- Perceptual hashing (192-bit color pHash)
- CLAHE preprocessing for lighting normalization
- Local SQLite cache with Convex sync
- Collection management with offline support

Removes all .NET/MAUI code (src/, test/, tools/).

💘 Generated with Crush

Assisted-by: Claude Opus 4.5 via Crush <crush@charm.land>

lib/hooks/useUserProfile.ts

@@ -0,0 +1,115 @@
+/**
+ * Hook for fetching user profile from Zitadel OIDC userinfo endpoint.
+ * 
+ * GDPR Compliance: User profile data is never stored in our database.
+ * This hook fetches it directly from Zitadel when needed for display.
+ */
+
+import { useState, useEffect, useCallback } from "react";
+import * as SecureStore from "expo-secure-store";
+
+interface UserProfile {
+  sub: string;
+  name?: string;
+  preferredUsername?: string;
+  email?: string;
+  emailVerified?: boolean;
+  picture?: string;
+}
+
+const ACCESS_TOKEN_KEY = "zitadel_access_token";
+
+/**
+ * Hook to fetch and cache user profile from Zitadel userinfo endpoint.
+ * Profile is held in memory only - never persisted to our database.
+ */
+export function useUserProfile() {
+  const [profile, setProfile] = useState<UserProfile | null>(null);
+  const [isLoading, setIsLoading] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+
+  const fetchProfile = useCallback(async () => {
+    setIsLoading(true);
+    setError(null);
+
+    try {
+      // Get stored access token
+      const accessToken = await SecureStore.getItemAsync(ACCESS_TOKEN_KEY);
+      
+      if (!accessToken) {
+        setProfile(null);
+        return null;
+      }
+
+      const issuer = process.env.EXPO_PUBLIC_ZITADEL_ISSUER;
+      if (!issuer) {
+        throw new Error("ZITADEL_ISSUER not configured");
+      }
+
+      // Fetch from OIDC userinfo endpoint
+      const response = await fetch(`${issuer}/oidc/v1/userinfo`, {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+        },
+      });
+
+      if (!response.ok) {
+        if (response.status === 401) {
+          // Token expired - clear it
+          await SecureStore.deleteItemAsync(ACCESS_TOKEN_KEY);
+          setProfile(null);
+          return null;
+        }
+        throw new Error(`Failed to fetch user profile: ${response.status}`);
+      }
+
+      const data = await response.json();
+      
+      const userProfile: UserProfile = {
+        sub: data.sub,
+        name: data.name,
+        preferredUsername: data.preferred_username,
+        email: data.email,
+        emailVerified: data.email_verified,
+        picture: data.picture,
+      };
+
+      setProfile(userProfile);
+      return userProfile;
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Failed to fetch profile";
+      setError(message);
+      console.error("[useUserProfile]", message);
+      return null;
+    } finally {
+      setIsLoading(false);
+    }
+  }, []);
+
+  const clearProfile = useCallback(() => {
+    setProfile(null);
+    setError(null);
+  }, []);
+
+  return {
+    profile,
+    isLoading,
+    error,
+    fetchProfile,
+    clearProfile,
+  };
+}
+
+/**
+ * Store access token after successful auth (called from useAuth).
+ */
+export async function storeAccessToken(token: string): Promise<void> {
+  await SecureStore.setItemAsync(ACCESS_TOKEN_KEY, token);
+}
+
+/**
+ * Clear access token on sign out.
+ */
+export async function clearAccessToken(): Promise<void> {
+  await SecureStore.deleteItemAsync(ACCESS_TOKEN_KEY);
+}