fix: add explicit crypto import, tighten privacy warning to sessionContent check

- Import crypto from 'node:crypto' for consistency with codebase
  conventions (every other file uses explicit import, not global)
- Tighten late-block privacy warning to only fire when sessionContent
  was actually loaded (non-null) — prevents misleading warning when
  no transcript was ever read from disk or sent to LLM
- Add matching crypto import in test file so vi.spyOn mocks the
  correct module reference

src/hooks/bundled/session-memory/handler.test.ts

@@ -1,3 +1,4 @@
+import crypto from "node:crypto";
 import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";

src/hooks/bundled/session-memory/handler.ts

@@ -5,6 +5,7 @@
  * Creates a new dated memory file with LLM-generated slug
  */
 
+import crypto from "node:crypto";
 import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
@@ -450,7 +451,10 @@ const saveSessionToMemory: HookHandler = async (event) => {
         // provider for slug generation — but only when the transcript was actually
         // loaded (i.e. no custom content was pre-set). When hasCustomContent is
         // true, transcript loading and LLM calls were skipped entirely.
-        if (!hasCustomContent) {
+        if (!hasCustomContent && sessionContent) {
+          // Only warn when transcript was actually loaded and potentially
+          // sent to the LLM for slug generation. When sessionFile was null
+          // or sessionContent failed to load, no data left the device.
           log.warn(
             "blockSessionSave was set by a late hook — memory file will be retracted, but " +
               "transcript content may have already been sent to the LLM provider for slug generation. " +