If you care about security and being protected from hacking, then for a game like this, even single-player progress/matches would need to happen via multiplayer. I haven't played hearthstone, but i imagine if it does have a single player training mode which allows you to gain progress, that AI is still likely running on their servers. This is simply done for game integrity. Deck management and other things are all stored and rewarded on the server side. As otherwise, a client could simply use a program like cheat engine, or even just modify the files to get whatever they want.
However, for the time being, given that you want to start simple, then yes, doing this is fine if you just want to get the functionality working
! It is best to start simple and work your way up as networking can be difficult to organise unless you have done it before. It will take time to develop an alternative way of structuring your projects and even organising interactions between the server and the client without practise. So yeah, start small, and work your way up. Eventually, knowing how to handle these systems will come more easily.
The top comment about it being invalid to design them locally is only true if there are unlocks/progression, or restrictions on deck structure. If the player has access to all the cards from the get go, and there are no rules/limits for the deck, then it is fine for the client just to send the deck over and for the server to accept it. If there are limitations on structure, you can get the server to run a validation function (For example if you are only allowed 3 of one particular card), the server could then report back that your deck is invalid, which would require the player to go back in.
For these sorts of things, validation is normally done both on the client side and the server side. The client side is to stop the client accidentally making something incorrect in the first place, the server side is to prevent that affecting subsequent actions. (Naturally, the only way it could therefore be wrong on the client is if someone had externally tampered with it)
Again, not a huge need for you to worry about that now, but its good to start thinking about security early on, and equally, just to get into good habits as fast as possible. Sometimes I see people who have been working on multiplayer games for years and they still have bad habits. It took me a while to break my own, especially when it came to allowing the client too much freedom