Phase 0: menu-bar scaffold, permissions, backend health check

Native SwiftUI menu-bar app (LSUIElement, macOS 13+), generated from project.yml
via XcodeGen. Includes:
- PermissionsManager (Microphone / Screen Recording / Accessibility) + UI
- SparkControlHealth: GET /api/status over self-signed TLS (InsecureTrustDelegate)
- AppSettings persistence (host, TLS-skip, output folder, adapter toggles)
- Menu-bar panel + Settings, app sandbox & hardened runtime off (LAN tool)

Ten31Transcripts/Backend/InsecureTrustDelegate.swift

@@ -0,0 +1,24 @@
+import Foundation
+
+/// URLSession delegate that trusts the server certificate without validation.
+///
+/// SparkControl sits behind a Start9 self-signed Root CA on the LAN, so default
+/// trust evaluation rejects it. This delegate is used **only** when the
+/// "Skip TLS verification" setting is on. It trusts any server certificate —
+/// acceptable for a personal tool on a trusted local network and nothing else.
+final class InsecureTrustDelegate: NSObject, URLSessionDelegate {
+    func urlSession(
+        _ session: URLSession,
+        didReceive challenge: URLAuthenticationChallenge,
+        completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void
+    ) {
+        guard
+            challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
+            let serverTrust = challenge.protectionSpace.serverTrust
+        else {
+            completionHandler(.performDefaultHandling, nil)
+            return
+        }
+        completionHandler(.useCredential, URLCredential(trust: serverTrust))
+    }
+}