Summary
- POST /v1/dids now requires a password field; relay hashes it with argon2id and stores the PHC string in accounts.password_hash, enabling createSession for the promoted account
- perform_did_ceremony Tauri command updated to accept password: String and include it in the relay request
- New PasswordScreen.svelte collects and confirms the password during onboarding (min 8 chars, confirm-match validation); wired into the state machine between handle and loading
Test plan
- cargo test -p relay -- routes::create_did::tests::with_password_account_can_call_create_session passes
- cargo test -p identity-wallet -- tests::create_did_request_serializes_password_and_camel_case passes
- Full relay test suite: 9 pass, 3 fail (pre-existing wiremock sandbox failures only)
- Manual: complete onboarding in iOS Simulator and verify createSession succeeds with chosen password
- Manual: verify Continue button stays disabled until both fields match and are ≥ 8 chars