[Privacy] Document what is filtered before persistence

[Longfellow1]

Background

KeyPulse should not ask users to trust a privacy promise after collection. The repository needs to explain what data is dropped, redacted, or paused before it reaches durable storage.

Task

Document the privacy boundary in a way a skeptical Mac and Obsidian user can inspect.

Acceptance criteria

• Document app blacklist behavior
• Document raw keystroke non-collection
• Document field-level redaction
• Document camera-aware capture pause
• Document private browsing exclusion
• Link the privacy explanation from the README