feat(proto): implement Wave 2 — hybrid PKI handshake + session

aura-proto: 5-byte wire header + Frame codec (§6.1/§6.3); transport-agnostic
handshake state machine (§6.2) over split tokio AsyncRead/AsyncWrite —
hybrid X25519+ML-KEM-768 KEM, SHA-256 transcript, mutual X.509 auth with
ECDSA-P256 transcript signatures (ring), constant-time HMAC Finished;
Session with sliding-window replay protection. 13 tests green, clippy clean.

Handshake message order pinned (resolves spec diagram ambiguity); reader/writer
taken by value since Session owns both halves.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
xah30
2026-05-25 18:05:11 +03:00
parent b8ce58ddf0
commit bb835e4ca7
11 changed files with 1710 additions and 1 deletions
@@ -17,6 +17,15 @@ sha2.workspace = true
rand.workspace = true
rustls-pki-types.workspace = true
thiserror.workspace = true
# Handshake signatures (ECDSA P-256 / SHA-256, ASN.1 DER). Already in the workspace lockfile.
ring = "0.17"
# Parse leaf cert DER (extract the EC SubjectPublicKeyInfo point) and decode PEM blocks
# (certificates + PKCS#8 keys) to DER. Already a workspace dependency and used by aura-pki, so
# this adds no new resolution and lets us avoid pulling in rustls-pemfile.
x509-parser.workspace = true
# The handshake and session are async over tokio::io::{AsyncRead, AsyncWrite}, so tokio must be a
# normal dependency (available via the workspace `full` feature set), not only a dev-dependency.
tokio.workspace = true
[dev-dependencies]
tokio.workspace = true
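Review bot: `ring = "0.17"` is the only dependency in this hunk declared with its own version requirement instead of `.workspace = true`, and the comment's justification ("Already in the workspace lockfile") only says that something in the workspace resolves ring today, not that this crate's requirement is kept in step with it. Since ring is what produces and verifies the handshake signatures, I would declare it once under `[workspace.dependencies]` and write `ring.workspace = true` here so the version is set and bumped in one place. Separately, now that `tokio.workspace = true` is a normal dependency, the identical line under `[dev-dependencies]` adds nothing unless it is meant to enable extra features for tests, and the comment says the library inherits the workspace `full` feature set; it is worth checking whether this crate needs more than the I/O traits and helpers.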