docs(tests): TEST_CASES.md + wire-tap proof for university practice

Adds proof artifacts that the PQ tunnel is real:

- crates/aura-proto/tests/pq_wire_tap.rs — new integration test that
  intercepts every byte flowing on the in-memory transport and asserts:
  (1) ClientHello payload = 32 + 1184 + 32 (X25519 + ML-KEM-768 ek + nonce),
  (2) ServerHello payload = 32 + 1088 + 32 (X25519_eph + ML-KEM-768 ct + nonce),
  (3) a 56-byte plaintext marker shipped in a Data frame is absent from
      the wire in both directions,
  (4) ServerAuth/Data AEAD bodies have Shannon entropy >= 7 bits/byte.

- TEST_CASES.md — Russian-language report mapping 12 test cases to the
  exact code and captured outputs (KAT, hybrid round-trip, AEAD tamper
  detection, mutual X.509 rejection, replay window, 1000-packet flow,
  in-vivo ping, bench-crypto timings, new wire-tap proof).

- docs/test_evidence/ — full captured stdout of cargo test runs and
  aura bench-crypto, referenced from TEST_CASES.md.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

docs/test_evidence/aura_bench_crypto.txt

@@ -0,0 +1,12 @@
+aura bench-crypto — 200 iterations per op (hybrid X25519 + ML-KEM-768)
+
+operation                                 avg        ops/sec
+------------------------------------------------------------
+KEM keygen                         3.833927ms            261
+KEM encapsulate                    4.429617ms            226
+KEM decapsulate                    5.413446ms            185
+full hybrid handshake             13.761461ms             73
+AEAD seal+open 1KiB                 342.541µs           2919
+AEAD seal+open 64KiB              19.988968ms             50
+
+(timings are wall-clock averages on this host; not a substitute for criterion)