Fix unlock detection to work with server-side data filtering

- Update unlock-system.js to check 'locked' field instead of 'requires' for lock detection
- Pass null for key/pin/password required values (server validates)
- Preserve 'requires' field for biometric/bluetooth locks (contains item identifiers, not answers)
- Update both Game model and controller filtering methods

Fixes issue where locked objects didn't prompt for unlock after server-side filtering was implemented.

app/controllers/break_escape/games_controller.rb

@@ -304,8 +304,12 @@ module BreakEscape
     def filter_requires_recursive(obj)
       case obj
       when Hash
-        # Remove 'requires' (the answer/solution) from all objects
-        obj.delete('requires')
+        # Remove 'requires' for exploitable lock types (key/pin/password/rfid)
+        # Keep it for biometric/bluetooth since they reference collectible items, not answers
+        lock_type = obj['lockType']
+        if lock_type && !%w[biometric bluetooth].include?(lock_type)
+          obj.delete('requires')
+        end
 
         # Recursively filter nested structures
         obj.each_value { |value| filter_requires_recursive(value) }