fix(secret): carry BIP39 passphrase in Unlock protocol variant

The Unlock variant had a single  field used as the
mnemonic, with no way to convey the BIP39 password extension (25th word).
The actor handler silently passed  for the passphrase, making it
impossible to unlock with a BIP39 passphrase via irpc.

Split into  +  to match
the spec and SecretServiceHandle::unlock() signature.

crates/alknet-secret/src/protocol.rs

@@ -192,15 +192,18 @@ pub enum SecretProtocol {
     #[wrap(Lock)]
     Lock,
 
-    /// Unlock the service with a BIP39 passphrase.
+    /// Unlock the service with a BIP39 mnemonic and optional passphrase.
     ///
-    /// The passphrase is used to derive the master seed from the mnemonic.
-    /// After unlocking, derive and encrypt/decrypt operations are available.
+    /// The mnemonic is the space-separated BIP39 word list. The passphrase is
+    /// the optional BIP39 password extension (the "25th word"). After unlocking,
+    /// derive and encrypt/decrypt operations are available.
     #[rpc(tx = irpc::channel::oneshot::Sender<Result<(), crate::service::SecretServiceError>>)]
     #[wrap(Unlock)]
     Unlock {
-        /// The BIP39 passphrase (may be empty for no passphrase).
-        passphrase: String,
+        /// The BIP39 mnemonic phrase (space-separated word list).
+        mnemonic: String,
+        /// Optional BIP39 passphrase (the "25th word" password extension).
+        passphrase: Option<String>,
     },
 }