feat: per-form permission granularity (PRO)

[andrii-trush]

Summary

• Registers a per-form permission view decrypted {form-handle} sensitive fields using Statamic's native {placeholder} + replacements() mechanism (same pattern as view {collection} entries)
• The existing global permission view decrypted sensitive fields becomes a wildcard — fully backward-compatible; no role changes required for existing installations
• isAuthorized() renamed to isAuthorizedForForm(string $formHandle) in both DecryptingSubmissionRepository and DecryptingSubmissionQueryBuilder; checks global permission first, then per-form

Test plan

• All 32 existing tests pass (vendor/bin/phpunit)
• New test: per-form permission grants decrypted access to the correct form
• New test: per-form permission does not grant access to other forms (scope isolation)
• Manual: open CP → Users → Roles, confirm per-form permission entries appear per registered form
• Manual: assign per-form role to a user, confirm they see plaintext in one form and •••••• in another