fix(macos): host libmdbx DB under Application Support to avoid TCC permission denial on launch

On macOS, the libmdbx / Isar database lives under
`getApplicationDocumentsDirectory()` -> `~/Documents/...`. With iCloud
Drive's "Desktop & Documents Folders" sync enabled (a common default),
macOS protects ~/Documents with TCC and denies unsigned / sideloaded /
dev / not-yet-permission-granted builds the file access libmdbx needs
to open its database. The result is a black screen on launch with the
following error in the Flutter / app log:

    [ERROR:flutter/runtime/dart_isolate.cc(1402)] Unhandled exception:
    IsarError: Cannot open Environment: MdbxError (13): Permission denied

POSIX errno 13 is EACCES, raised by the OS for the access denial — not
errno 15 (ENOTBLK / "Block device required"), and not iCloud "Optimise
Mac Storage" evicting files. Verified on macOS 26.3 / Apple Silicon
with iCloud Desktop & Documents sync active: a Terminal `mkdir`+`echo
> file` to the same path succeeds (Terminal inherits the user's TCC
grant), but the unsigned dev build fails on first DB open with the
error above.

Fix: on macOS only, host the database under `getApplicationSupport-
Directory()` -> `~/Library/Application Support/<bundle id>/...`. That
location is app-private, not TCC-gated, and Apple's recommended
location for app data files. iOS, Windows, Linux are unchanged — they
keep using Documents (iOS for Files-app visibility next to backups,
Windows / Linux because Documents is the conventional location and
neither has TCC).

Includes a one-shot best-effort migration: existing macOS users with a
DB at `~/Documents/Mangayomi/databases/` have it renamed to the new
path on first launch. Migration is skipped if the new location is
non-empty so we never overwrite user data, and any failure falls back
to a fresh DB rather than crashing on launch (the user can then move
the legacy directory manually if needed). Subsequent launches skip the
migration branch because the new path already exists.

Repro
- macOS with iCloud Drive's "Desktop & Documents Folders" sync enabled
- Unsigned / sideloaded / dev build of Mangayomi (or signed build that
  hasn't yet received the user's "Files and Folders > Documents" TCC
  grant)
- Launch -> black screen, IsarError MdbxError (13)

Verification
- Reproduced the exact error on this branch's parent commit
  (upstream/main 25c1d72c) on macOS 26.3, iCloud Desktop & Documents
  sync active, captured `MdbxError (13): Permission denied`
- After this patch the same build launches cleanly and opens the
  database at `~/Library/Application Support/<bundle>/Mangayomi/
  databases/mangayomiDb.isar`
- Existing 15 MB Isar database from a prior run preserved through the
  rebuild — no data loss

Notes
- This is a narrower follow-up to the earlier proposed Application-
  Support move that was correctly rejected for being cross-platform
  and missing migration. This change is gated by `Platform.isMacOS`
  and migrates existing macOS users.
- Hive (`Hive.initFlutter` in main.dart) still uses Documents on
  macOS. It is initialized after Isar via `_postLaunchInit` and is
  unawaited, so a Hive failure wouldn't reproduce the black screen.
  If Hive turns out to be affected by the same TCC denial, a
  follow-up PR can move it the same way.

lib/providers/storage_provider.dart

@@ -181,7 +181,17 @@ class StorageProvider {
   }
 
   Future<Directory?> getDatabaseDirectory() async {
-    final dir = await getApplicationDocumentsDirectory();
+    // On macOS, host the libmdbx / Isar database under Application Support
+    // (app-private, not TCC-gated) instead of Documents. macOS denies
+    // unsigned/sideloaded/dev builds access to ~/Documents when iCloud
+    // "Desktop & Documents Folders" sync is enabled, surfacing as
+    // `IsarError: Cannot open Environment: MdbxError (13): Permission denied`
+    // and a black screen on launch. iOS keeps Documents so the DB remains
+    // visible alongside backups via the Files app. Windows / Linux are
+    // untouched — Documents is the conventional location there.
+    final dir = Platform.isMacOS
+        ? await getApplicationSupportDirectory()
+        : await getApplicationDocumentsDirectory();
     String dbDir;
     if (Platform.isAndroid) return dir;
     if (Platform.isIOS) {
@@ -191,10 +201,47 @@ class StorageProvider {
     } else {
       dbDir = path.join(dir.path, 'Mangayomi', 'databases');
     }
+    if (Platform.isMacOS) {
+      await _migrateLegacyMacosDatabase(dbDir);
+    }
     await createDirectorySafely(dbDir);
     return Directory(dbDir);
   }
 
+  /// One-shot migration: if a pre-existing macOS user has their database
+  /// under the legacy Documents path and the new Application Support path
+  /// is empty, rename it across so library / history / progress are not
+  /// silently reset. Subsequent launches skip this branch because the new
+  /// path already exists.
+  Future<void> _migrateLegacyMacosDatabase(String newDbDir) async {
+    try {
+      final docs = await getApplicationDocumentsDirectory();
+      final legacyDir = Directory(
+        path.join(docs.path, 'Mangayomi', 'databases'),
+      );
+      if (!await legacyDir.exists()) return;
+      final newDir = Directory(newDbDir);
+      if (await newDir.exists()) {
+        // Only migrate when the new location is empty — never overwrite.
+        final entries = await newDir
+            .list(followLinks: false)
+            .take(1)
+            .toList();
+        if (entries.isNotEmpty) return;
+      }
+      await Directory(path.dirname(newDbDir)).create(recursive: true);
+      await legacyDir.rename(newDbDir);
+      debugPrint(
+        '[storage] Migrated macOS DB from ${legacyDir.path} to $newDbDir',
+      );
+    } catch (e) {
+      // Migration is best-effort. Falling back to a fresh DB is preferable
+      // to crashing on launch — the user can manually move the legacy
+      // ~/Documents/Mangayomi/databases/ contents if needed.
+      debugPrint('[storage] macOS DB migration skipped: $e');
+    }
+  }
+
   Future<Directory?> getGalleryDirectory() async {
     String gPath;
     if (Platform.isAndroid) {