feat: add telemetry opt-in for anonymous usage statistics

[chernistry]

Summary

Add an opt-in telemetry system that collects anonymous usage statistics to help prioritize development. This must be strictly opt-in (off by default), collect no personally identifiable information, and be fully transparent about what is collected.

Why This Matters

• Without data, feature prioritization is guesswork
• Understanding real usage patterns helps focus development on what matters
• Knowing which languages are most used guides language support priorities
• Crash reports help fix bugs users don't report
• Opt-in telemetry is an accepted practice when done transparently (VS Code, Firefox, Homebrew)

Privacy Principles (Non-Negotiable)

1. Opt-in only -- disabled by default, user must explicitly enable
2. No PII -- no usernames, no IP addresses, no text content, no file paths
3. Transparent -- user can see exactly what would be sent before opting in
4. Local preview -- show collected data in the app before sending
5. Easy opt-out -- one click to disable, all local data deleted on opt-out
6. Open source -- telemetry code is fully visible in the repo
7. Minimal -- collect only what is needed, nothing more

What Would Be Collected

Per-session aggregate (sent once per day):

{
  "app_version": "1.3.0",
  "macos_version": "15.2",
  "session_id": "random-uuid-regenerated-daily",
  "corrections_count": 47,
  "languages_used": ["en-ru", "en-he"],
  "detection_accuracy_self_reported": 0.94,
  "undo_count": 3,
  "active_hours": 6,
  "crash_count": 0
}

What is NOT collected:

• Keystroke content (never, under any circumstances)
• Words or text that was corrected
• Application names
• File paths or URLs
• User identity or machine identity
• IP address (stripped at server)

Implementation Plan

1. Settings UI

File: RightLayout/Sources/UI/SettingsView.swift

Add a Telemetry section with:

• Toggle: "Help improve RightLayout by sending anonymous usage statistics"
• "What we collect" list
• "What we NEVER collect" list
• "View collected data" button showing the exact JSON payload

2. Data Collection

File: RightLayout/Sources/Telemetry/TelemetryCollector.swift (new)

• Aggregate correction events into daily summaries
• Store locally until user opts in
• On opt-in: send daily summary to endpoint
• On opt-out: delete all stored data

3. Data Transmission

• HTTPS POST to a simple endpoint
• Strip IP at the edge (Cloudflare Workers or similar)
• Retry on failure, do not block the app
• Send at most once per day

4. Data Preview

• "View collected data" button shows the exact JSON payload
• User sees what will be sent before it is sent
• Builds trust through transparency

Acceptance Criteria

• Telemetry is OFF by default
• User must explicitly opt in via Settings
• Collected data contains no PII
• "View collected data" shows exact payload
• Opt-out deletes all local telemetry data
• Data sent at most once per day
• App functions identically with telemetry on or off
• Privacy policy / data collection notice in README

References

• VS Code telemetry approach (https://code.visualstudio.com/docs/getstarted/telemetry) -- good model
• PostHog (https://posthog.com/) -- open-source analytics platform
• Plausible (https://plausible.io/) -- privacy-focused analytics