fix: remove insecure empty folder cleanup logic to prevent critical data loss (#320)

- Removes clean_empty_library_items functionality that incorrectly deleted critical paths (e.g., Postgres data, Steam locks)
- Cleans up associated tests and unnecessary protection rules
- Ensures empty folders are preserved by default for safety

tests/clean_apps.bats

@@ -114,3 +114,4 @@ EOF
     [ "$status" -eq 0 ]
     [[ "$output" == "ok" ]]
 }
+

tests/clean_core.bats

@@ -264,91 +264,4 @@ EOF
     [[ "$output" == *"Time Machine backup in progress, skipping cleanup"* ]]
 }
 
-@test "clean_empty_library_items removes nested empty directories in Application Support" {
-    # Create nested empty directory structure
-    mkdir -p "$HOME/Library/Application Support/UninstalledApp1/SubDir/DeepDir"
-    mkdir -p "$HOME/Library/Application Support/UninstalledApp2/Cache"
-    mkdir -p "$HOME/Library/Application Support/ActiveApp/Data"
-    mkdir -p "$HOME/Library/Caches/EmptyCache/SubCache"
 
-    # Create a file in ActiveApp to make it non-empty
-    touch "$HOME/Library/Application Support/ActiveApp/Data/config.json"
-
-    # Create top-level empty directory in Library
-    mkdir -p "$HOME/Library/EmptyTopLevel"
-
-    run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc << 'EOF'
-set -euo pipefail
-source "$PROJECT_ROOT/lib/core/common.sh"
-source "$PROJECT_ROOT/lib/clean/user.sh"
-
-# Mock dependencies
-is_path_whitelisted() { return 1; }
-is_critical_system_component() { return 1; }
-bytes_to_human() { echo "$1"; }
-note_activity() { :; }
-safe_clean() {
-    # Actually remove the directories for testing
-    for path in "$@"; do
-        if [ "$path" != "${@: -1}" ]; then  # Skip the description (last arg)
-            rm -rf "$path" 2>/dev/null || true
-        fi
-    done
-}
-
-clean_empty_library_items
-EOF
-
-    [ "$status" -eq 0 ]
-
-    # Empty nested dirs should be removed
-    [ ! -d "$HOME/Library/Application Support/UninstalledApp1" ]
-    [ ! -d "$HOME/Library/Application Support/UninstalledApp2" ]
-    [ ! -d "$HOME/Library/Caches/EmptyCache" ]
-    [ ! -d "$HOME/Library/EmptyTopLevel" ]
-
-    # Non-empty directory should remain
-    [ -d "$HOME/Library/Application Support/ActiveApp" ]
-    [ -f "$HOME/Library/Application Support/ActiveApp/Data/config.json" ]
-}
-
-@test "clean_empty_library_items respects whitelist for empty directories" {
-    mkdir -p "$HOME/Library/Application Support/ProtectedEmptyApp"
-    mkdir -p "$HOME/Library/Application Support/UnprotectedEmptyApp"
-    mkdir -p "$HOME/.config/mole"
-
-    run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc << 'EOF'
-set -euo pipefail
-source "$PROJECT_ROOT/lib/core/common.sh"
-source "$PROJECT_ROOT/lib/clean/user.sh"
-
-# Mock dependencies
-is_critical_system_component() { return 1; }
-bytes_to_human() { echo "$1"; }
-note_activity() { :; }
-
-# Mock whitelist to protect ProtectedEmptyApp
-is_path_whitelisted() {
-    [[ "$1" == *"ProtectedEmptyApp"* ]]
-}
-
-safe_clean() {
-    # Actually remove the directories for testing
-    for path in "$@"; do
-        if [ "$path" != "${@: -1}" ]; then  # Skip the description (last arg)
-            rm -rf "$path" 2>/dev/null || true
-        fi
-    done
-}
-
-clean_empty_library_items
-EOF
-
-    [ "$status" -eq 0 ]
-
-    # Whitelisted directory should remain even if empty
-    [ -d "$HOME/Library/Application Support/ProtectedEmptyApp" ]
-
-    # Non-whitelisted directory should be removed
-    [ ! -d "$HOME/Library/Application Support/UnprotectedEmptyApp" ]
-}

tests/clean_user_core.bats

@@ -103,21 +103,7 @@ EOF
     [ "$status" -eq 0 ]
 }
 
-@test "clean_empty_library_items cleans empty dirs and files" {
-    run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" /bin/bash --noprofile --norc <<'EOF'
-set -euo pipefail
-source "$PROJECT_ROOT/lib/core/common.sh"
-source "$PROJECT_ROOT/lib/clean/user.sh"
-safe_clean() { echo "$2"; }
-WHITELIST_PATTERNS=()
-mkdir -p "$HOME/Library/EmptyDir"
-touch "$HOME/Library/empty.txt"
-clean_empty_library_items
-EOF
 
-    [ "$status" -eq 0 ]
-    [[ "$output" == *"Empty Library folders"* ]]
-}
 
 @test "clean_browsers calls expected cache paths" {
     run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc <<'EOF'