fix: tabled review follow-ups (key path, rotation warning, CRLF idempotency)

[fonkamloic]

Closes out the main-lineage items tabled (Medium/Low) from the PR #18 reviews:

• Key path derivation (Medium): the public key is now located next to the stored signing-key path from ~/.flutter_compilerc first, so keys generate --output-dir <custom> users get the key embedded in codepush.yaml; falls back to the default location.
• Rotation-aware preserve warning (Medium): when init preserves an existing embedded key because no local key file exists, it now warns that a rotated-out key may have been preserved and points at fcp codepush keys register.
• CRLF-safe idempotency (Low): the keys register up-to-date check normalizes line endings before comparing.

The remaining two tabled items (atomic restore write, pid-qualified temp file) live on the checkpoint lineage and follow in a separate PR.

[claude]

Review — PR #22

All three stated goals are correctly implemented. No Critical findings.

---

Medium — Asymmetric CRLF coverage in _codepush_keys.dart

The idempotency guard is now CRLF-normalised (good), but the code path that fires when a different key is being registered still operates on the raw content string:

final hadKey = kPublicKeyYamlBlockPattern.hasMatch(content);   // raw CRLF
content = content.replaceAll(kPublicKeyYamlBlockPattern, '');  // raw CRLF

On a Windows-origin codepush.yaml whose existing public_key block carries CRLF line-endings, kPublicKeyYamlBlockPattern is unlikely to match. hadKey becomes false, the old block is not removed, the new block is appended verbatim — producing duplicate public_key entries, which breaks YAML parsing at runtime (devices can no longer verify patches).

This is pre-existing behaviour (the PR's stated scope is idempotency only), but the asymmetry — the early-return is CRLF-safe, the update path is not — is worth tracking as a follow-up. The minimal fix is to normalise content once into a local variable before all four checks (contains, hasMatch, both replaceAll calls), so the write path also gets clean LF content.

---

Low — No visible error handling for getStoredSigningKey() in _codepush_init.dart

storedSigningKeyPath: await CodePushClient.getStoredSigningKey(),

If getStoredSigningKey() throws on a missing or malformed ~/.flutter_compilerc, the exception propagates as a raw stack trace rather than a user-friendly message. This is fine if the method already swallows I/O errors internally (returning null), or if the outer run() body has a catch-all — worth a quick double-check.

---

Verdict: the three tabled items are correctly resolved. The Medium CRLF gap is pre-existing and out of stated scope; recommend tracking it as a follow-up before shipping Windows support, not blocking this merge.

[fonkamloic]

Triage: no Critical findings. Tabling the Medium (CRLF asymmetry in the key-replacement path — normalize content once before match/replace/write) as a tracked follow-up alongside the atomic-restore test from #23. Merging per the severity policy.