[FEATURE] Mirrors and third-party repositories

[Firstp1ck]

Summary: Add Recipe-driven third-party repository setup (Chaotic AUR, Garuda, custom profiles) with idempotent config changes, backups, and clear risk guardrails.

---

1) Chaotic AUR and Garuda repository setup

Problem

Users want one-place enablement of common third-party repo bundles with correct signing keys and config snippets.

Recommended implementation

• Recipe-based: Small declarative structs in code or loaded JSON: repo name, Server URL, SigLevel, key import command sequence (or pacman-keyrecv).
• Flows: Wizard: show diff for pacman.conf snippet + trusted key steps; run as supervised privileged block.
• Idempotency: Detect if repo already enabled; no duplicate sections.

Risks

• Upstream URL or key changes; keep recipes versioned and updatable via app update.

---

2) Custom / cross-distro Arch-based repo profiles

Problem

Users on “plain” Arch want curated sets (CachyOS, Manjaro, EOS) without hand-merge errors.

Recommended implementation

• Profiles: Named presets (documentation-heavy): each maps to ordered repo additions and warnings about partial upgrades / mixed system incompatibility.
• Guardrails: Prominent modal that mixing some repos can break systems; link to Arch wiki on partial upgrades.
• Technical: Same machinery as (2); difference is metadata and warnings only.

Acceptance criteria

• Applying a profile is transactional where possible: validate pacman.conf parse before saving.
• Undo guidance or backup of previous config.

---

Cross-cutting

• All write paths: privileged command abstraction, dry-run, tests with mocked file diff output.