Harden build and config security

- Uncomment *.jks and *.keystore in .gitignore to prevent
  accidental keystore commits
- Disable android:allowBackup to prevent ADB data extraction
- Add distributionSha256Sum to gradle-wrapper.properties for
  tamper detection of Gradle distributions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.gitignore

@@ -42,9 +42,8 @@ captures/
 *.iws
 
 # Keystore files
-# Uncomment the following lines if you do not want to check your keystore files in.
-#*.jks
-#*.keystore
+*.jks
+*.keystore
 
 # External native build folder generated in Android Studio 2.2 and later
 .externalNativeBuild

app/src/main/AndroidManifest.xml

@@ -17,7 +17,7 @@
     <uses-feature android:glEsVersion="0x00020000" android:required="true" />
 
     <application
-        android:allowBackup="true"
+        android:allowBackup="false"
         android:icon="@mipmap/ic_launcher"
         android:label="@string/app_name"
         android:roundIcon="@mipmap/ic_launcher_round"

gradle/wrapper/gradle-wrapper.properties

@@ -1,4 +1,5 @@
 distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStorePath=wrapper/dists