fix(org-caldav): switch to Basic auth — Baikal server changed from Digest to Basic

Server-side: dav_auth_type changed to Basic in baikal.yaml (HTTPS = secure).
Config simplified — no Digest hackery, standard authinfo works natively.
~/.authinfo: machine cal.apps.sukany.cz login martin password PASS
             machine cal.apps.sukany.cz login family password PASS

config.el

@@ -1732,71 +1732,31 @@ current frame."
 
 ;;; --- Tier 1: High impact ---
 
-;; org-caldav — CalDAV sync for org (Baikal server, Digest auth)
+;; org-caldav — CalDAV sync for org (Baikal, Basic auth over HTTPS)
-;; Credentials: add to ~/.authinfo:
+;; Add to ~/.authinfo:
 ;;   machine cal.apps.sukany.cz login martin password YOUR_PASSWORD
+;;   machine cal.apps.sukany.cz login family password YOUR_PASSWORD
 (use-package! org-caldav
-  :commands (org-caldav-sync my/org-caldav-sync)
+  :commands my/org-caldav-sync
   :config
-  (setq org-caldav-url "https://cal.apps.sukany.cz/dav.php/calendars/martin"
-        org-caldav-calendar-id "default"
-        org-caldav-inbox "~/org/caldav-inbox.org"
-        org-caldav-files '("~/org/personal.org" "~/org/work.org")
-        org-caldav-sync-direction 'twoway)
-
-  (defun my/caldav-get-password (host user)
-    "Fetch plaintext password from auth-source for HOST and USER."
-    (let* ((found (car (auth-source-search :host host :user user :max 1)))
-           (s     (when found (plist-get found :secret))))
-      (when s (if (functionp s) (funcall s) s))))
-
-  (defun my/caldav-register-digest (user realm server plaintext-pass)
-    "Register Digest auth for USER@SERVER with realm REALM.
-Stores HA1 = MD5(user:realm:pass) in url-digest-auth-storage."
-    (when (and (boundp 'url-digest-auth-storage) plaintext-pass)
-      (let ((ha1 (md5 (concat user ":" realm ":" plaintext-pass))))
-        (setf (alist-get server url-digest-auth-storage nil nil #'equal)
-              (list (list realm user ha1))))))
-
   (defun my/org-caldav-sync ()
     "Sync org-caldav: personal calendar (twoway) + family calendar (read-only)."
     (interactive)
-    (require 'url-auth)
+    ;; Personal calendar — twoway, new events created here
-    (let* ((host  "cal.apps.sukany.cz")
-           (realm "BaikalDAV")
-           (srv   "cal.apps.sukany.cz:443")
-           ;; Get passwords from ~/.authinfo:
-           ;;   machine cal.apps.sukany.cz login martin password PASS
-           ;;   machine cal.apps.sukany.cz login family password PASS
-           (pass-m (my/caldav-get-password host "martin"))
-           (pass-f (my/caldav-get-password host "family")))
-
-      ;; Fallback: pre-computed HA1 for martin if authinfo missing
-      (if pass-m
-          (my/caldav-register-digest "martin" realm srv pass-m)
-        (when (boundp 'url-digest-auth-storage)
-          (setf (alist-get srv url-digest-auth-storage nil nil #'equal)
-                (list (list realm "martin" "7cf9c41c78f4986fd65948029bcc4743")))))
-
-      ;; Sync personal calendar (twoway — new events go here)
     (setq org-caldav-url           "https://cal.apps.sukany.cz/dav.php/calendars/martin"
           org-caldav-calendar-id   "default"
           org-caldav-inbox         "~/org/caldav-inbox.org"
           org-caldav-files         '("~/org/personal.org" "~/org/work.org")
           org-caldav-sync-direction 'twoway)
     (org-caldav-sync)
-
+    ;; Family calendar — read-only (fromcal), no writes back
-      ;; Sync family calendar (fromcal = read-only, no writes back)
-      (when pass-f
-        (my/caldav-register-digest "family" realm srv pass-f))
     (setq org-caldav-url           "https://cal.apps.sukany.cz/dav.php/calendars/family"
           org-caldav-calendar-id   "default"
           org-caldav-inbox         "~/org/family-calendar.org"
           org-caldav-files         nil
           org-caldav-sync-direction 'fromcal)
     (org-caldav-sync)
-
+    (message "CalDAV sync complete: personal (twoway) + family (read-only)")))
-      (message "CalDAV sync complete: personal (twoway) + family (read-only)"))))
 
 (map! :leader "o c" #'my/org-caldav-sync)