Add optional message authentication, encryption, key registry, and device transfer support #9

Draft: Copilot wants to merge 3 commits into master from copilot/add-authentication-functionality
Copilot AI commented May 30, 2026

TaiiNet did not have a concrete authentication model despite the issue requiring signed/encrypted messages, public-key-based filtering, username/key registration, cross-device auth transfer, React accessors, and auth coverage. This change adds an opt-in auth layer around existing message flow without changing unauthenticated usage.

  • Auth primitives

    • Added TaiiNetAuth with:
      • ECDSA signing for message authenticity
      • ECDH + AES-GCM payload encryption for recipient-targeted messages
      • stable auth envelopes carrying sender/recipient key metadata needed for routing and filtering
    • Added open/seal flows for authenticated messages instead of forcing auth into the transport core.
  • Identity + registry

    • Added in-memory username ↔ public key registration and lookup:
      • registerUsername(...)
      • lookupUsernameByPublicKey(...)
      • lookupPublicKeysByUsername(...)
    • Identity state now distinguishes owner keys and device keys.
  • Cross-device auth transfer

    • Added short-lived device transfer tokens that carry a signed device sub-key bundle.
    • Tokens are compact base64url payloads suitable for direct copy/paste or QR encoding by consumers.
  • Subscription integration

    • Subscription now supports auth-aware receive/send paths:
      • sendSecure(...) for sealed messages
      • automatic open/verify on inbound auth envelopes
      • auth-data / auth-error events alongside existing data behavior
    • Auth metadata remains queryable so subscriptions can filter by public key before decrypting payloads.
  • TaiiNet integration

    • TaiiNet accepts an optional auth manager and exposes helpers for sealing/opening authenticated messages.
    • Existing non-authenticated message flow remains available.
  • React access

    • Added createTaiiNetAuthHooks(React, auth) in TaiiNetAuthReact.js.
    • Exposes useTaiiNetAuth() with live auth state plus auth actions for app integration.
  • Docs + auth coverage

    • Expanded README with auth usage, encryption flow, registry usage, transfer token flow, and React hook integration.
    • Added focused auth tests covering identity creation, signing, encryption/decryption, public-key filtering, token import, subscription integration, and React hook surface.
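
```js
import { TaiiNet } from './TaiiNet.js';
import { TaiiNetAuth } from './Auth.js';

// Create an auth manager and an identity for this user.
const auth = new TaiiNetAuth();
await auth.createIdentity('alice');

// Pass the auth manager to TaiiNet and filter the subscription by owner public key.
const taiinet = new TaiiNet({ auth });
const sub = taiinet.new(taiinet.Subscription, {
  "auth.publicKeys.owner": auth.getState().identity.publicKeys.signing
});

// recipientEncryptionPublicKey is supplied by the caller (the recipient's encryption public key).
await sub.sendSecure(
  { type: "chat", text: "hello" },
  { encryptFor: [recipientEncryptionPublicKey] }
);
```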

Copilot AI linked an issue May 30, 2026 that may be closed by this pull request
Copilot AI changed the title from "[WIP] Add cryptographic authentication functionality with messaging support" to "Add optional message authentication, encryption, key registry, and device transfer support" May 30, 2026
Copilot finished work on behalf of Taiiwo May 30, 2026 10:15
Copilot AI requested a review from Taiiwo May 30, 2026 10:15
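
As an added example (not code from this pull request or from TaiiNet), one way to build the kind of envelope the description outlines: ECDSA-signed, ECDH + AES-GCM encrypted, with sender and recipient keys left readable for filtering but bound into both the signature and the GCM additional data. The envelope fields and the function names `newIdentity`, `sealEnvelope`, `openEnvelope` and `demo` are assumptions made for illustration.

```javascript
// Added illustration only: envelope fields are assumptions, not TaiiNetAuth's wire format.
const getCrypto = async () => globalThis.crypto ?? (await import('node:crypto')).webcrypto;
const enc = new TextEncoder();
const b64 = (buf) => Buffer.from(buf).toString('base64url'), unb64 = (str) => Buffer.from(str, 'base64url');
const EC = { namedCurve: 'P-256' }, GCM = { name: 'AES-GCM', length: 256 }, SIG = { name: 'ECDSA', hash: 'SHA-256' };
// Canonical bytes: the routing metadata alone (GCM AAD) and the whole envelope (signed).
const aadOf = (m) => enc.encode([m.senderSigning, m.senderAgreement, m.recipient].join('.'));
const signedOf = (e) => enc.encode([e.meta.senderSigning, e.meta.senderAgreement, e.meta.recipient, e.iv, e.ct].join('.'));

async function newIdentity() {
  const { subtle } = await getCrypto();
  return { signing: await subtle.generateKey({ name: 'ECDSA', ...EC }, false, ['sign', 'verify']),
    agreement: await subtle.generateKey({ name: 'ECDH', ...EC }, false, ['deriveKey']) };
}

async function sealEnvelope(sender, recipientPub, payload) {
  const c = await getCrypto(), raw = async (k) => b64(await c.subtle.exportKey('raw', k));
  const meta = { senderSigning: await raw(sender.signing.publicKey),
    senderAgreement: await raw(sender.agreement.publicKey), recipient: await raw(recipientPub) };
  // Raw ECDH output is used as the AES key to keep this short; an HKDF step is the usual practice.
  const key = await c.subtle.deriveKey({ name: 'ECDH', public: recipientPub }, sender.agreement.privateKey, GCM, false, ['encrypt']);
  const iv = c.getRandomValues(new Uint8Array(12));
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv, additionalData: aadOf(meta) }, key, enc.encode(JSON.stringify(payload)));
  const env = { meta, iv: b64(iv), ct: b64(ct) };
  return { ...env, sig: b64(await c.subtle.sign(SIG, sender.signing.privateKey, signedOf(env))) };
}

async function openEnvelope(recipient, env, allowedSenders) {
  const { subtle } = await getCrypto();
  // Cheap pre-filter on plaintext metadata; it is only trusted once the signature verifies.
  if (!allowedSenders.includes(env.meta.senderSigning)) throw new Error('sender not allowed');
  const vk = await subtle.importKey('raw', unb64(env.meta.senderSigning), { name: 'ECDSA', ...EC }, false, ['verify']);
  if (!(await subtle.verify(SIG, vk, unb64(env.sig), signedOf(env)))) throw new Error('bad signature');
  const peer = await subtle.importKey('raw', unb64(env.meta.senderAgreement), { name: 'ECDH', ...EC }, false, []);
  const key = await subtle.deriveKey({ name: 'ECDH', public: peer }, recipient.agreement.privateKey, GCM, false, ['decrypt']);
  const pt = await subtle.decrypt({ name: 'AES-GCM', iv: unb64(env.iv), additionalData: aadOf(env.meta) }, key, unb64(env.ct));
  return JSON.parse(new TextDecoder().decode(pt));
}

async function demo() {
  const alice = await newIdentity(), bob = await newIdentity();
  const env = await sealEnvelope(alice, bob.agreement.publicKey, { type: 'chat', text: 'hello' });
  const allowed = [env.meta.senderSigning];
  const opened = await openEnvelope(bob, env, allowed);
  // Constructed tamper case: rewritten routing metadata must not survive verification.
  const forged = { ...env, meta: { ...env.meta, recipient: env.meta.senderAgreement } };
  const rejected = await openEnvelope(bob, forged, allowed).then(() => false, (e) => e.message === 'bad signature');
  return { text: opened.text, rejected };
}
```

Because the metadata is both signed and passed as additional data, a subscriber can filter on the sender key before decrypting without that filter being steerable by whoever relays the message.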
Successfully merging this pull request may close these issues.

Add authentication functionality