feat(crypto,pki): implement Wave 1 — hybrid KEM + PKI

aura-crypto: X25519 + ML-KEM-768 (FIPS 203) hybrid KEM, HKDF-SHA256 session
key derivation, ChaCha20-Poly1305 AeadSession with counter nonces; genuine
NIST ACVP ML-KEM-768 KAT (decapsulation vector). 16 tests green, clippy clean.

aura-pki: self-signed CA, server/client cert issuance (rcgen 0.14), mutual
X.509 chain verification via rustls-webpki, CRL revocation. 8 tests green.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
xah30
2026-05-25 17:55:06 +03:00
parent f78633e04f
commit b8ce58ddf0
18 changed files with 1712 additions and 5 deletions
+12 -2
@@ -6,8 +6,14 @@ license.workspace = true
description = "Aura cryptographic core: hybrid X25519 + ML-KEM-768 KEM, HKDF, ChaCha20-Poly1305"
[dependencies]
ml-kem.workspace = true
x25519-dalek.workspace = true
# `getrandom`: enables ML-KEM's no-argument `generate_keypair()` / `encapsulate()` which use the
# system RNG internally. This avoids a rand_core major-version mismatch (this crate uses
# rand_core 0.6, while ml-kem's kem/crypto-common stack uses rand_core 0.10), so we never have to
# hand ml-kem an RNG handle. Feature is additive on top of the workspace's ["zeroize"].
ml-kem = { workspace = true, features = ["getrandom"] }
# `zeroize`: makes x25519_dalek::StaticSecret wipe itself on drop. Additive on top of the
# workspace's ["static_secrets"].
x25519-dalek = { workspace = true, features = ["zeroize"] }
hkdf.workspace = true
hmac.workspace = true
sha2.workspace = true
@@ -21,3 +27,7 @@ thiserror.workspace = true
[dev-dependencies]
hex.workspace = true
criterion.workspace = true
[[bench]]
name = "crypto"
harness = false
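Review bot: The comments on the `ml-kem` and `x25519-dalek` lines rest a security-relevant choice on facts this manifest does not show: the rand_core 0.6 / 0.10 split and the workspace's base feature lists `["zeroize"]` and `["static_secrets"]`. If the workspace entry is later edited or either crate is bumped, ML-KEM key wiping or the RNG path could change without any diff in this file. Because features on a `workspace = true` dependency are additive, the crate can state what it depends on directly, e.g. `ml-kem = { workspace = true, features = ["getrandom", "zeroize"] }`, and add a line such as `# Re-check both feature sets on any ml-kem / x25519-dalek / rand_core bump.` The `zeroize` feature on x25519-dalek covers only that crate's own secret types. Whether the HKDF output and the ChaCha20-Poly1305 session key are wiped is presumably decided in code outside this file section, so it is worth confirming there.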