@wrobelda wrobelda commented Apr 15, 2025

I am a new user to Nextcloud. I would consider myself a power-user, but I got totally thrown under a bus by the e2e configuration AND the misleading wording in the UI. Specifically, the UI uses "enabled", "supported", "activated", "set up", "start", "reset", etc. in an inconsequential, often interchangeable way. It's all over the place and makes it really hard to understand what is going on in the UI, as well as in the code itself.

I also noticed the iOS client mixes the verbiage even more, by also using "activated" and "start":

```
"_e2e_settings_"                    = "End-to-end encryption";
"_e2e_settings_start_"              = "Start end-to-end encryption";
"_e2e_settings_activated_"          = "End-to-end encryption activated";
"_e2e_server_disabled_"             = "End-to-end encryption app disabled on server";
```

I will file a separate PR for this once this one gets cleared for merging.

Moreover, even the code itself confuses "enabled for account" with "set up for the device":

```cpp
void AccountSettings::disableEncryptionForAccount(const AccountPtr &account) const
{
    QMessageBox dialog;
    dialog.setWindowTitle(tr("Disable end-to-end encryption"));
    dialog.setText(tr("Disable end-to-end encryption for %1?").arg(account->davUser()));
    dialog.setInformativeText(tr("Removing end-to-end encryption will remove locally-synced files that are encrypted."
                                 "<br>"
                                 "Encrypted files will remain on the server."));
```

`disableEncryptionForAccount` calls `AccountSettings::resetE2eEncryption()`, which effectively makes the device "forget" the e2ee configuration and the mnemonic, but does not change anything on the account itself. In particular, it does not reset the encryption on the account itself, which is a destructive and irreversible action, available in the web UI:

Screenshot 2025-04-15 at 3 16 17 PM

As such, this PR establishes that:

  • "enabled" should not be used, as it's too broad and generic, and could be applied to too many contexts.
  • "supported" means e2ee is available for the account but hasn't yet been set up (mnemonic wasn't generated). Pertains to account.
  • "initialized" means the encryption certificates and a mnemonic have been issued for the account after setting up on a device (a.k.a. "client side encryption is available on server"). Pertains to account.
  • "set up" means the device knows the mnemonic and synchronizes the encrypted folders. Pertains to device.
    • "forget" is the action opposite to "set up". I was struggling with finding the best word for this. "Reset" is taken and implies more destructive of an action. "Remove" might be mixed up with removing/deleting data. Meanwhile "forget" seems less serious and was also used in places for the related code already.
  • "reset" is a destructive action on the account itself, as described by the web UI. Pertains to the account. Not used in the client.

Last, but not least, for the e2e to actually be enabled, a user needs to explicitly enable encryption on each subfolder in the synchronized root folder. This goes against all other common/popular software that supports e2e encryption, where you simply assume everything gets encrypted by default. As such, I am confident that the UI should lend itself to the user to help them understand that they need to take an additional, explicit action for their files to actually get encrypted, which is why after properly setting up the encryption, the message box in the Settings now reads "Remember to **Encrypt** a folder to end-to-end encrypt any new files added to it."
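
The vocabulary proposed in the comment above, modelled as account-scoped and device-scoped state. This is an added example, not part of the original post and not Nextcloud client code; every type and function name in it is hypothetical.

```cpp
#include <string>

// Added illustration: all names here are hypothetical, not Nextcloud's.
struct Account {                 // server-side, shared by every device
    bool supported = false;      // e2ee is available for the account
    bool initialized = false;    // certificates and mnemonic were issued
};

struct Device {                  // one client installation
    bool setUp = false;          // this device knows the mnemonic
};

// "set up": the device learns the mnemonic; setting up on a device is
// also what gets the account initialized.
bool setUpDevice(Account &account, Device &device)
{
    if (!account.supported) {
        return false;
    }
    account.initialized = true;
    device.setUp = true;
    return true;
}

// "forget": the opposite of "set up"; touches only this device.
void forgetOnDevice(Device &device) { device.setUp = false; }

// "reset": destructive and account-wide; per the PR, not used in the client.
void resetAccount(Account &account) { account.initialized = false; }

// New files are end-to-end encrypted only inside a folder the user explicitly
// marked with "Encrypt", and only on a device that is set up.
bool newFileIsE2eEncrypted(const Account &account, const Device &device,
                           bool folderMarkedEncrypted)
{
    return account.initialized && device.setUp && folderMarkedEncrypted;
}

std::string status(const Account &account, const Device &device)
{
    if (!account.supported) return "not supported";
    if (!account.initialized) return "supported";
    return device.setUp ? "initialized, set up on this device"
                        : "initialized, not set up on this device";
}
```

Forgetting on one device leaves the account initialized and other devices set up, while a device that is set up still does not encrypt files in a folder that was never marked.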

@wrobelda wrobelda force-pushed the patch-2 branch 2 times, most recently from efc5683 to 1a8adf2 Compare April 15, 2025 14:24
@wrobelda wrobelda changed the title from "accountsettings.cpp: improve encryption-related UI test" to "accountsettings.cpp: improve encryption-related UI verbiage" Apr 15, 2025
@wrobelda wrobelda force-pushed the patch-2 branch 4 times, most recently from 8d48a7d to 5d1e10d Compare April 15, 2025 14:56
@wrobelda wrobelda marked this pull request as ready for review April 15, 2025 14:56
@wrobelda wrobelda changed the title from "accountsettings.cpp: improve encryption-related UI verbiage" to "Improve configuration-related e2ee verbiage" Apr 15, 2025
@wrobelda wrobelda changed the title from "Improve configuration-related e2ee verbiage" to "Improve configuration-related e2ee wording" Apr 15, 2025
@mgallien mgallien self-assigned this Apr 17, 2025
@mgallien mgallien added this to the 3.17.0 milestone Apr 17, 2025
@mgallien
Collaborator

@wrobelda regarding the end-to-end encryption and how it has to be enabled manually by the user
The use case for end-to-end encryption is to protect your files against a malicious server administrator.
For my own home instance, I am the user and the admin. I would have no use for end-to-end encryption and should rather secure the instance against a remote attacker.
For most people, they would only care to protect a subset of their files from being accessible to the admin and that would usually be some sensitive files (tax documents, ID card scans, ...).
That is why the feature is opt-in and enabled per folder.
You also lose some features like team folders if you want to use end-to-end encryption. Which is why the user has to decide what to do and we cannot decide on their behalf.


This refactors the code and updates the messages to use a consistent
set of words that refer to the configuration of the e2ee.

Signed-off-by: Dawid Wróbel <[email protected]>
@mgallien mgallien merged commit a86ea25 into nextcloud:master May 7, 2025
11 of 14 checks passed