| author | bndw <ben@bdw.to> | 2026-03-09 17:36:21 -0700 |
|---|---|---|
| committer | bndw <ben@bdw.to> | 2026-03-09 17:36:21 -0700 |
| commit | eca962d7c26bbea57801576935b98f3540e43da6 (patch) | |
| tree | 19653f192107b5b74a8113af570d4b9c979a7e0d /testdata | |
| parent | 9886a5c9054f3308482fdcca0fa545c8befbcf5b (diff) | |
fix: harden DM crypto — HKDF key derivation, AEAD associated data, ModInverse nil check
- Derive symmetric key via HKDF-SHA256 instead of using raw X25519 shared secret
- Bind sender + recipient pubkeys as ChaCha20-Poly1305 associated data to prevent key-confusion attacks
- Guard against ModInverse panic on degenerate public keys (y=1)
- Wrap DecryptDM error instead of swallowing it
- Update JS client to match Go implementation
- Document encryption details in PROTOCOL.md
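The scheme the commit message describes, written out as an added example in Go using only the standard library; this is not the project's code and is not taken from the commit. Two substitutions are labelled in the code: AES-256-GCM from crypto/cipher stands in for the project's ChaCha20-Poly1305, and a single-block HKDF-SHA256 is built on crypto/hmac so the file needs no golang.org/x/crypto. The HKDF info label, the associated-data layout ("dm-v1" || sender key || recipient key), and the Edwards-y-to-Montgomery-u conversion in which big.Int.ModInverse returns nil at y = 1 are assumptions about how the project does it, not facts read from the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// hkdfSHA256 is RFC 5869 extract-then-expand for one 32-byte output block, zero salt,
// on the standard-library HMAC (no golang.org/x/crypto dependency).
func hkdfSHA256(ikm []byte, info string) []byte {
	extract := hmac.New(sha256.New, make([]byte, sha256.Size)) // salt = HashLen zero bytes
	extract.Write(ikm)
	expand := hmac.New(sha256.New, extract.Sum(nil)) // keyed with PRK
	expand.Write([]byte(info))
	expand.Write([]byte{0x01}) // T(1) = HMAC(PRK, info || 0x01)
	return expand.Sum(nil)
}

// dmAEAD runs X25519 and passes the shared secret through HKDF rather than using it
// raw as the key. crypto/ecdh already rejects low-order peer keys with an error.
// AES-256-GCM stands in for the project's ChaCha20-Poly1305; the label is an assumption.
func dmAEAD(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(hkdfSHA256(shared, "dm-v1 aead key"))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// associatedData binds direction (sender first, then recipient): a ciphertext reflected
// to its author fails the tag check even though the X25519 key is identical. Assumed layout.
func associatedData(sender, recipient *ecdh.PublicKey) []byte {
	ad := append([]byte("dm-v1"), sender.Bytes()...)
	return append(ad, recipient.Bytes()...)
}

// encryptDM returns nonce || ciphertext || tag.
func encryptDM(senderPriv *ecdh.PrivateKey, recipient *ecdh.PublicKey, plaintext []byte) ([]byte, error) {
	aead, err := dmAEAD(senderPriv, recipient)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, associatedData(senderPriv.PublicKey(), recipient)), nil
}

// decryptDM wraps the AEAD failure instead of swallowing it, so callers can tell why.
func decryptDM(recipientPriv *ecdh.PrivateKey, sender *ecdh.PublicKey, msg []byte) ([]byte, error) {
	aead, err := dmAEAD(recipientPriv, sender)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(msg) < ns {
		return nil, errors.New("DecryptDM: message shorter than nonce")
	}
	pt, err := aead.Open(nil, msg[:ns], msg[ns:], associatedData(sender, recipientPriv.PublicKey()))
	if err != nil {
		return nil, fmt.Errorf("DecryptDM: %w", err)
	}
	return pt, nil
}

var p25519 = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 255), big.NewInt(19))
// edYToMontgomeryU computes u = (1+y)/(1-y) mod p. At y = 1 the denominator is 0, ModInverse
// returns nil and any arithmetic on it panics, so check first. Assumed conversion path.
func edYToMontgomeryU(y *big.Int) (*big.Int, error) {
	den := new(big.Int).Mod(new(big.Int).Sub(big.NewInt(1), y), p25519)
	inv := new(big.Int).ModInverse(den, p25519)
	if inv == nil {
		return nil, errors.New("degenerate public key: y = 1 has no Montgomery u")
	}
	u := new(big.Int).Add(big.NewInt(1), y)
	return u.Mod(u.Mul(u, inv), p25519), nil
}

func main() {
	alice, _ := ecdh.X25519().GenerateKey(rand.Reader)
	bob, _ := ecdh.X25519().GenerateKey(rand.Reader)
	ct, _ := encryptDM(alice, bob.PublicKey(), []byte("meet at 9"))
	pt, err := decryptDM(bob, alice.PublicKey(), ct)
	_, reflErr := decryptDM(alice, bob.PublicKey(), ct) // same key, AD order reversed
	_, degErr := edYToMontgomeryU(big.NewInt(1))
	fmt.Printf("bob: %q %v | reflected: %v | y=1: %v\n", pt, err, reflErr, degErr)
}
```

The reflection case in main is the one the associated data exists for: X25519 gives both directions the same shared secret, so without the sender/recipient binding a message from Alice to Bob would also open as a message from Bob to Alice. Note that with random 96-bit GCM nonces the number of messages under one derived key must stay well below 2^32; a per-message HKDF info or a counter nonce is the usual fix if that matters for the deployment.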
Diffstat (limited to 'testdata')
0 files changed, 0 insertions, 0 deletions
