refactor(files_sharing): clarify password generation logic

[joshtrichards]

Summary

Clean up the file sharing GeneratePassword.ts module to make the server-side and local password generation paths clearer, safer to read, and easier to reason about:

• extract local password generation logic into generateLocalPassword()
• rename the random byte helper to fillRandomValues()
• simplify password policy API access by extracting generateUrl and password
• simplify OCS response access with optional chaining
• clarify the local fallback behavior and related JSDoc/comments
• refactor character selection to use an explicit Math.floor() byte-to-index calculation based on the full 256-value byte range (0..255), which makes the bounds and intent clearer and avoids relying on charAt() implicit float coercion

This is intended as a readability and maintainability cleanup rather than a meaningful behavior change. In particular, the byte-to-index refactor is a small correctness/readability improvement, not the sort of change that meaningfully alters the user-facing strength of generated passwords.

Notes

• Local password generation still falls back to Math.random() as a last resort when the crypto API is unavailable. This remains intentionally compatible with the current behavior, but it is not cryptographically secure.
• Success toast behavior is unchanged: a success toast is currently shown for server-side generation, but not for local fallback generation. I believe this is a bug, but kept it out-of-scope for now.
• Logging on insecure fallback was considered, but is not included in this change to keep the runtime behavior and log surface unchanged.

While working on nextcloud-libraries/nextcloud-auth#950, I looked for other places where a similar cleanup would be relevant, which led to this PR.

Checklist

• Code is properly formatted
• Sign-off message is added to all commits
• Tests (unit, integration, api and/or acceptance) are included
• Screenshots before/after for front-end changes
• Documentation (manuals or wiki) has been updated or is not required
• Backports requested where applicable (ex: critical bugfixes)
• Labels added where applicable (ex: bug/enhancement, 3. to review, feature component)
• Milestone added for target branch/version (ex: 32.x for stable32)

AI (if applicable)

• The content of this PR was partly or fully generated using AI