Rename quack to quak

German for 'quack', matching the Ente (German for 'duck') naming. All
references updated: package name, CLI binary, X-Client-Package header,
test descriptions, temp dir prefixes, README, Makefile docker tag.

test/crypto/box.test.ts

@@ -1,7 +1,7 @@
 /**
  * Tests for `crypto.decryptBox` and `crypto.decryptSealed`.
  *
- * These cover the two asymmetric-and-symmetric "box" primitives quack uses
+ * These cover the two asymmetric-and-symmetric "box" primitives quak uses
  * to unwrap key material from Ente:
  *
  *   - `decryptBox`: secretbox decryption. Used everywhere a small payload
@@ -18,7 +18,7 @@
  *
  *       authToken = decryptSealed(encryptedToken, publicKey, secretKey)
  *
- * Encryption is server-side; quack only ever decrypts.
+ * Encryption is server-side; quak only ever decrypts.
  */
 
 import sodium from "libsodium-wrappers-sumo";

test/crypto/encoding.test.ts

@@ -5,7 +5,7 @@
  * Ente delivers most binary fields as standard base64 strings (with `+`,
  * `/`, and `=` padding). A few fields, notably the auth token returned by
  * the login flow, are URL-safe base64 (with `-` and `_` instead of `+` and
- * `/`, and stripped padding). quack must accept both forms on input and
+ * `/`, and stripped padding). quak must accept both forms on input and
  * produce the right form on output.
  *
  * These tests pin the contract:

test/crypto/init.test.ts

@@ -3,7 +3,7 @@
  *
  * libsodium ships as WebAssembly. The bindings (`libsodium-wrappers-sumo`)
  * load asynchronously: the runtime must `await sodium.ready` once before any
- * crypto call is safe. quack hides that detail behind a single
+ * crypto call is safe. quak hides that detail behind a single
  * `init()` function.
  *
  * Every other test in `test/crypto/**` calls `init()` in `beforeAll`. New