Problem
`webPreferences` is duplicated across three `new BrowserWindow` call sites with slightly different settings (`renderSettingsWindow` sets `sandbox: false`, the others rely on defaults). It's easy to add a fourth window that's silently weaker than the others.
Expected
- One canonical `getDefaultWebPreferences()` factory in `electron/main.ts`.
- Every window reuses it and overrides only what it actually needs.
- A comment explains why `renderSettingsWindow` requires `sandbox: false` (preload bridge) and why no other window should.
Acceptance
- Window creation goes through the shared factory.
- No behavior change in dev / packaged flows.
Problem
`webPreferences` is duplicated across three `new BrowserWindow` call sites with slightly different settings (`renderSettingsWindow` sets `sandbox: false`, the others rely on defaults). It's easy to add a fourth window that's silently weaker than the others.
Expected
Acceptance