Feature: Add "Full Disk Access" permission check for macOS client

macos/Permissions.mm

@@ -47,8 +47,43 @@ void Permissions::openAccessibilitySettings() {
     [[NSWorkspace sharedWorkspace] openURL:url];
 }
 
+bool Permissions::checkFullDiskAccess() {
+    // There's no official API to check Full Disk Access.
+    // We try to read a protected file that requires FDA permission.
+    // Safari bookmarks is a commonly used test file.
+
+    NSArray* testPaths = @[
+        [NSHomeDirectory() stringByAppendingPathComponent:@"Library/Safari/Bookmarks.plist"],
+        [NSHomeDirectory() stringByAppendingPathComponent:@"Library/Safari/CloudTabs.db"],
+        @"/Library/Application Support/com.apple.TCC/TCC.db",
+        [NSHomeDirectory() stringByAppendingPathComponent:@"Library/Application Support/com.apple.TCC/TCC.db"]
+    ];
+
+    NSFileManager* fm = [NSFileManager defaultManager];
+    for (NSString* path in testPaths) {
+        if ([fm fileExistsAtPath:path]) {
+            // File exists, try to read it
+            if ([fm isReadableFileAtPath:path]) {
+                return true;  // Can read protected file = FDA granted
+            } else {
+                return false; // File exists but can't read = FDA not granted
+            }
+        }
+    }
+
+    // If none of the test files exist, assume FDA is granted
+    // (edge case: fresh system without Safari history)
+    return true;
+}
+
+void Permissions::openFullDiskAccessSettings() {
+    // Open System Preferences -> Security & Privacy -> Privacy -> Full Disk Access
+    NSURL *url = [NSURL URLWithString:@"x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles"];
+    [[NSWorkspace sharedWorkspace] openURL:url];
+}
+
 bool Permissions::checkAllPermissions() {
-    return checkScreenCapture() && checkAccessibility();
+    return checkScreenCapture() && checkAccessibility() && checkFullDiskAccess();
 }
 
 bool Permissions::waitForPermissions(int timeoutSeconds) {