critical: Confirm plugin must know when activeDid changes

- Added critical requirement that plugin MUST be notified of activeDid changes
- Enhanced plugin interface with onActiveDidChange() callback method
- Added clearCacheForNewIdentity() and refreshAuthenticationForNewIdentity() methods
- Updated integration examples to include activeDid change listeners
- Created comprehensive ActiveDid change requirements document covering:
  * Security implications of not detecting changes
  * Event-based notification pattern implementation
  * Cache clearing and authentication refresh requirements
  * Testing scenarios for identity switching
  * Platform-specific considerations and edge cases
  * Performance optimization for rapid identity changes

This addresses the critical data integrity and security requirement that the plugin
must know when TimeSafari users switch identities to prevent data leakage.

doc/BACKGROUND_DATA_FETCHING_PLAN.md

@@ -271,11 +271,15 @@ await plugin.configureDatabase({
 const activeIdentity = await this.$getActiveIdentity();
 await plugin.setActiveDidFromHost(activeIdentity.activeDid);
 
+// CRITICAL: Set up activeDid change listener
+plugin.onActiveDidChange(async (newActiveDid) => {
+  await plugin.clearCacheForNewIdentity();
+  await plugin.refreshAuthenticationForNewIdentity(newActiveDid);
+  logger.info(`[TimeSafari] ActiveDid changed to: ${newActiveDid}`);
+});
+
 // Enable automatic background lookup
 await plugin.enableAutoActiveDidMode();
-
-// Plugin can fetch content and cache independently
-const results = await plugin.executeContentFetch(config);
 ```
 
 **Web: Host-Managed Database with Hybrid activeDid**
@@ -345,6 +349,11 @@ interface EnhancedDailyNotificationPlugin {
   // TimeSafari Integration Methods
   initializeFromTimeSafari(): Promise<void>;
   listenForActiveDidChanges(): Promise<void>;
+  
+  // Critical: ActiveDid Change Handling
+  onActiveDidChange(callback: (newActiveDid: string) => Promise<void>): void;
+  clearCacheForNewIdentity(): Promise<void>;
+  refreshAuthenticationForNewIdentity(activeDid: string): Promise<void>;
 }
 ```
 
@@ -356,6 +365,11 @@ interface EnhancedDailyNotificationPlugin {
 - **Implement** dual-mode activeDid access:
   - **Foreground**: Host provides activeDid via `setActiveDidFromHost()`
   - **Background**: Plugin looks up activeDid via `refreshActiveDidFromDatabase()`
+- **Critical**: Plugin **MUST** know when activeDid changes for:
+  - **Event-Based Notification**: Listen for `activeDidChanged` events from TimeSafari
+  - **Cache Invalidation**: Clear cached content when user switches identity
+  - **Token Refresh**: Generate new JWT tokens with updated activeDid
+  - **Background Task Coordination**: Stop/restart tasks with new identity context
 - **Coordinate** with TimeSafari's PlatformServiceMixin for identity changes
 
 ## Migration & Testing Strategy
@@ -375,6 +389,8 @@ interface EnhancedDailyNotificationPlugin {
   - Test `setActiveDidFromHost()` with TimeSafari PlatformServiceMixin
   - Test `refreshActiveDidFromDatabase()` with background tasks
   - Test `enableAutoActiveDidMode()` for automatic synchronization
+  - **Critical**: Test `onActiveDidChange()` listener with identity switches
+  - Test cache invalidation and token refresh during activeDid changes
 - **Background testing** on real devices (doze mode, app backgrounding)
 - **Authentication testing** with actual DID credentials from TimeSafari active_identity table
 - **Cross-platform testing** for Android/Electron (SQLite access) vs Web (host delegation) patterns