feat: add private key viewing for addresses

Add a 'Show private key' button on the address detail view that opens
a dedicated password-prompt screen with a clear warning about key
sensitivity. After correct password entry, the derived private key is
displayed in a read-only well with a copy button.

- Add getPrivateKeyForAddress() to wallet.js
- Add showPrivateKey view with password verification
- Add clipboard policy section to README explaining why we never
  auto-clear the clipboard
- Register new view in helpers.js VIEWS array and wire up in index.js

Closes #19

README.md

@@ -213,6 +213,22 @@ create an address with the same visible characters and trick the user into
 sending funds to it. Showing the complete identifier defeats this class of
 attack.
 
+#### Clipboard Policy
+
+AutistMask never clears or overwrites the user's clipboard. When sensitive data
+such as a private key is copied, it is the user's responsibility to manage their
+clipboard afterwards. We deliberately avoid auto-clearing the clipboard for two
+reasons:
+
+1. **User expectations**: silently modifying the clipboard violates the
+   principle of least surprise. The user initiated the copy and knows the
+   content is sensitive.
+2. **Data safety**: the user may have copied something else important in the
+   intervening time. A timed clipboard clear would destroy that unrelated data.
+
+The warning shown before revealing a private key makes it clear that the key is
+sensitive and that clipboard management is the user's responsibility.
+
 #### Data Model
 
 The core hierarchy is **Wallets → Addresses**:
@@ -316,15 +332,34 @@ transitions.
     - Balance list: ETH + tracked ERC-20 tokens (4 decimal places, USD inline).
       Each balance row is clickable → **AddressToken**
     - Send / Receive / + Token buttons
+    - "Show private key" button
     - Transaction list (with ENS resolution for counterparties)
 - **Transitions**:
     - Tap balance row → **AddressToken** (for that token)
     - "Send" → **Send**
     - "Receive" → **Receive**
     - "+ Token" → **AddToken**
+    - "Show private key" → **ShowPrivateKey**
     - Tap transaction row → **TransactionDetail**
     - "Back" → **Home**
 
+#### ShowPrivateKey
+
+- **When**: User clicked "Show private key" on AddressDetail.
+- **Elements**:
+    - "Back" button
+    - Title: "Display Private Key"
+    - Warning box (lock + money icons) explaining the key controls funds and
+      that the user is responsible for clipboard management
+    - Password input
+    - "Display Private Key" button (with lock + money icons)
+    - After reveal: private key in a read-only well (monospace, select-all),
+      Copy button, Done button
+- **Transitions**:
+    - "Display Private Key" (correct password) → reveals key in-place
+    - "Copy" → copies key to clipboard
+    - "Done" / "Back" → **AddressDetail** (key cleared from DOM)
+
 #### AddressToken
 
 - **When**: User clicked a specific token balance on AddressDetail.