TOTP in the Clear: Proton Authenticator’s Privacy Misstep on iOS