Improve the call signatures for LicenseBlurb so it's more useful in more cases.

To be more resilient to version changes, set the opcode for CliVersion to a small number and never change it, so it doesn't be a part of the general more flexible op code numbering.

It's not shown very nicely on GitHub, the markdown needs some work.

When Cli is called from Ez, and there's an unhandled exception, the stack trace should be made available for display to Ez.

When a file is to be written, and overwriting is disallowed, a new name is generated with a trailing pattern like "... (n).ext". If the original name already has this pattern, don't add another one, instead extract the pattern and continue increasing within that pattern until a free name is found. I.e. attempting to write "File (1).ext" when it already exists, results in for example "File (2).ext" instead of "File (1) (1).ext" as the current code does.

Add comments, remove unnecessary usings, other non-functional pure refactoring.

.NET Core no longer has built-in support for all encodings that .NET Framework did.

Add appropriate status codes.

Implement a simple function to encrypt/decrypt a string under a password, outputting the encrypted data as ASCII armored text. It's ca. 300 bytes overhead, but that's not really of any consequence. Possibly we could in the future do a slimmed down version with less overhead. Since it starts with a GUID, we don't need to wrap it with marker lines, but perhaps
we should anyway to make it easy for humans to know what it is.

It's almost the most common question asked in all forums "How do I encrypt a string" - and this would be a good way to once and for all implement some good reference code to illustrate the actual magnitude of the problem.

When a file is temporarily decrypted, there may be a collision with the file name in the temporary folder, and then a ...(n) suffix is used to disambiguate. However, when this file is re-encrypted, the original name in the encrypted file should be retained instead of using the name that was generated for disambiguation.
The syntax for now is to extend the standardio naming, which already supports -:[OriginalName] and +:[OriginalName], to support [ActualFullName]-:[OriginalName] and [ActualFullName]-:[OriginalName] . This strategy may need to be modified in the future, since there is a risk of someone actually naming a file with "-:" in the name, at least on Linux/macOS. The challenge is that the only forbidden character in a file name in Linux is '/', and this makes it impossible to reliably parse a string to separate the file name part from the path-part. It should work on Windows, because a ':' should not be able to used in a conflicting name context (although there might be some case with alternate data streams where it's used on Windows...).
For now, we'll use "-:" and "+:" and handle this when/if it's reported as an actual problem somewhere.
The alternative for original name might be to just add a third optional parameter to the encryption option.

When using named standard io input, there's a crash due to trying to validate a path that is empty.

The name is "Xecrets File Cli", If used in running text, the term "the CLI" may also be used or "the command line" or "the command line tool" (never "the command line interface"). It's a tool for developers, it doesn't have to be verbose and easy to understand, and it gets very cumbersome with "Xecrets File Command Line"... So Xecrets File Cli it is. But it's still "the CLI", it's just in the name that only the first letter is capitalized.

For the SDK, the name is "Xecrets File Sdk" or "Xecrets.File.Sdk", but in running text the term "the SDK" may be used. It's written "Sdk" when naming it, and "SDK" when referring to it as "a software development kit" or "the software development kit" etc.

The desktop app is named "Xecrets File Ez", but may also be referred to as "the desktop app", "the GUI" (not preferred), "the graphical user interface" etc.

The work folder location is set to the user temp folder, but it's better to avoid collisions by having it in a XecretsFileCli-specific sub directory.

Since the file format unfortunately requires a password field, even if using public key cryptography, there should be an option
to use a random password - effectively not having a password. It should only be allowed if at least one public key is used at the same time.

Several completely different situations end up in CLI reporting XfStatusCode.Error. This complicates tracking down problems when they are reported via Ez, since the original stack trace is lost then. Create new distinct error codes for the various situations.

Ensure logging is configured during parsing, so even if that goes south, the caller gets json if requested.

It's set and reset only during the Dry phase. It should be set etc during the Dry phase, then restored to original default, then set in the same way again for the Real phase.

During startup of the tool, a scan is made for possible license files. This file may be locked, if so, just ignore it - don't crash. This can be caused by redirecting stdout to a .txt file when invoking the command line.

Update all relevant copyright notices to Copyright © 2022-2023 etc.

There's a crash if named stdin is used.

When an encrypted key file is successfully loaded, it contains both the private and the public key as well as the email moniker for that user. Change so that email/public key is always used when encrypting, ensuring that the file session master key is encrypted with that public key, as well as the password.

When testing if a file can be written to, we'll create one if it's not already there, thereby checking that we really can write to the file. However, we then delete the file unconditionally, even if it existed before. This is not right and apparently also causes problems with Norton, which will claim this as "suspicious" activity by a "file protection" "feature", and just block the delete causing a crash. Although the Norton behavior is stupid, it's nonetheless incorrect behavior to delete a file just because we're testing it for writeability.

Change so the prebuilt binaries will work without restriction in regular command line mode, when not using options intended for programmatic use such as --json-log, --file and --environment, but using them will require a maintenance subscription - or a GPL build of course.