feat: add Banking TUI shell using bubbletea

Add an 80s-style green-on-black bank terminal shell ("banking") using
charmbracelet/bubbletea for full-screen TUI rendering over SSH.

Screens: login, main menu, account summary, account detail with
transactions, wire transfer wizard (6-step form capturing routing
number, destination, beneficiary, amount, memo, auth code), transaction
history with pagination, secure messages with breadcrumb content (fake
internal IPs, vault codes), change PIN, and hidden admin access (99)
that locks after 3 failed attempts with COBOL-style error output.

All key actions (login, navigation, wire transfers, admin attempts) are
logged to the session store. Wire transfer data is the honeypot gold.

Configurable via [shell.banking] in TOML: bank_name, terminal_id, region.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

internal/shell/banking/screen_login.go

@@ -0,0 +1,103 @@
+package banking
+
+import (
+	"fmt"
+	"strings"
+
+	tea "github.com/charmbracelet/bubbletea"
+)
+
+type loginModel struct {
+	accountNum string
+	pin        string
+	stage      int // 0 = account, 1 = pin, 2 = authenticating
+	bankName   string
+}
+
+func newLoginModel(bankName string) loginModel {
+	return loginModel{bankName: bankName}
+}
+
+func (m loginModel) Update(msg tea.Msg) (loginModel, tea.Cmd) {
+	keyMsg, ok := msg.(tea.KeyMsg)
+	if !ok {
+		return m, nil
+	}
+
+	switch keyMsg.Type {
+	case tea.KeyEnter:
+		if m.stage == 0 && m.accountNum != "" {
+			m.stage = 1
+			return m, nil
+		}
+		if m.stage == 1 && m.pin != "" {
+			m.stage = 2
+			return m, nil
+		}
+	case tea.KeyBackspace:
+		if m.stage == 0 && len(m.accountNum) > 0 {
+			m.accountNum = m.accountNum[:len(m.accountNum)-1]
+		} else if m.stage == 1 && len(m.pin) > 0 {
+			m.pin = m.pin[:len(m.pin)-1]
+		}
+	default:
+		ch := keyMsg.String()
+		if len(ch) == 1 && ch[0] >= 32 && ch[0] < 127 {
+			if m.stage == 0 && len(m.accountNum) < 20 {
+				m.accountNum += ch
+			} else if m.stage == 1 && len(m.pin) < 12 {
+				m.pin += ch
+			}
+		}
+	}
+	return m, nil
+}
+
+func (m loginModel) View() string {
+	var b strings.Builder
+
+	b.WriteString("\n")
+	b.WriteString(centerText(m.bankName + " ONLINE BANKING"))
+	b.WriteString("\n")
+	b.WriteString(centerText("AUTHORIZED ACCESS ONLY"))
+	b.WriteString("\n\n")
+	b.WriteString(thinDivider())
+	b.WriteString("\n\n")
+
+	b.WriteString(titleStyle.Render("  ACCOUNT NUMBER: "))
+	if m.stage == 0 {
+		b.WriteString(inputStyle.Render(m.accountNum))
+		b.WriteString(inputStyle.Render("_"))
+	} else {
+		b.WriteString(baseStyle.Render(m.accountNum))
+	}
+	b.WriteString("\n\n")
+
+	if m.stage >= 1 {
+		b.WriteString(titleStyle.Render("  PIN:            "))
+		masked := strings.Repeat("*", len(m.pin))
+		if m.stage == 1 {
+			b.WriteString(inputStyle.Render(masked))
+			b.WriteString(inputStyle.Render("_"))
+		} else {
+			b.WriteString(baseStyle.Render(masked))
+		}
+		b.WriteString("\n")
+	}
+
+	if m.stage == 2 {
+		b.WriteString("\n")
+		b.WriteString(baseStyle.Render("  AUTHENTICATING..."))
+		b.WriteString("\n")
+	}
+
+	b.WriteString("\n")
+	b.WriteString(thinDivider())
+	b.WriteString("\n\n")
+	b.WriteString(dimStyle.Render("  WARNING: UNAUTHORIZED ACCESS TO THIS SYSTEM IS A FEDERAL CRIME"))
+	b.WriteString("\n")
+	b.WriteString(dimStyle.Render(fmt.Sprintf("  UNDER 18 U.S.C. %s 1030. ALL ACTIVITY IS MONITORED AND LOGGED.", "\u00A7")))
+	b.WriteString("\n")
+
+	return b.String()
+}