Issue #393 reported mo clean hanging on 'Scanning sandboxed apps'
and 'Scanning orphaned app resources'.
Root cause: should_protect_data() was looping through 332 patterns
(28 SYSTEM_CRITICAL_BUNDLES_FAST + 304 DATA_PROTECTED_BUNDLES).
For 662 sandboxed containers, this resulted in 220,000+ pattern matches.
Solution: Replace loops with fast case statement for common prefixes:
- com.apple.* (system apps) - instant return
- com.microsoft.*, com.jetbrains.* (IDEs) - instant return
- Password managers, VPNs, Docker etc. - instant return
- Other apps - instant return (no protection needed)
- Only check detailed list for special wildcards (com.tencent.* etc.)
Performance: Clean command maintains 35s (same as previous optimization)
Functionality: All 9 protection tests pass
15bb60c531