feat: add protocol comparison docs, P2P crate, production audit, and design fixes

Add comprehensive documentation comparing quicnprotochat against classical
chat protocols (IRC+SSL, XMPP, Telegram) with diagrams and attack scenarios.
Promote comparison pages to top-level sidebar section. Include P2P transport
crate (iroh), production readiness audit, CI workflows, dependency policy,
and continued architecture improvements across all crates.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docs/src/wire-format/node-service-schema.md

@@ -21,8 +21,7 @@ interface NodeService {
   # Upload a single-use KeyPackage for later retrieval by peers.
   # identityKey : Ed25519 public key bytes (32 bytes)
   # package     : TLS-encoded openmls KeyPackage
-  # auth        : Auth context (versioned). For legacy clients, pass an empty
-  #               struct or version=0.
+  # auth        : Auth context (version=1, non-empty accessToken required).
   uploadKeyPackage @0 (identityKey :Data, package :Data, auth :Auth)
                       -> (fingerprint :Data);
 
@@ -33,7 +32,7 @@ interface NodeService {
   # Enqueue an opaque payload for delivery to a recipient.
   # channelId : Optional channel identifier (empty for legacy). A 16-byte UUID
   #             is recommended for 1:1 channels.
-  # version   : Schema/wire version. Must be 0 (legacy) or 1 (this spec).
+  # version   : Schema/wire version. Must be 1.
   enqueue @2 (recipientKey :Data, payload :Data, channelId :Data,
               version :UInt16, auth :Auth) -> ();
 
@@ -57,7 +56,7 @@ interface NodeService {
 }
 
 struct Auth {
-  version @0 :UInt16;   # 0 = legacy/none, 1 = token-based auth
+  version @0 :UInt16;   # 1 = token-based auth (required)
   accessToken @1 :Data; # opaque bearer token issued at login
   deviceId @2 :Data;    # optional UUID bytes for auditing/rate limiting
 }
@@ -108,7 +107,7 @@ Enqueues an opaque payload for delivery. Identical semantics to the standalone [
 | `recipientKey` | `Data` | 32 bytes | Recipient's raw Ed25519 public key |
 | `payload` | `Data` | Variable | Opaque byte string (typically MLS ciphertext) |
 | `channelId` | `Data` | 0 or 16 bytes | Channel identifier (empty for legacy, UUID recommended) |
-| `version` | `UInt16` | 2 bytes | Wire version: `0` = legacy, `1` = current |
+| `version` | `UInt16` | 2 bytes | Wire version: `1` = current (required) |
 | `auth` | `Auth` | Struct | Authentication context |
 
 #### `fetch @3`
@@ -204,18 +203,9 @@ The `Auth` struct is attached to every mutating or per-user method call. It prov
 
 | Version | Behavior |
 |---|---|
-| `0` | **Legacy / no authentication.** The server ignores `accessToken` and `deviceId`. All requests are accepted unconditionally. This is the default for M1-M3 development. |
-| `1` | **Token-based authentication.** The server validates `accessToken` and rejects requests with missing or invalid tokens. `deviceId` is used for audit logging. |
+| `1` | **Token-based authentication (required).** The server validates `accessToken` (static token or OPAQUE session) and rejects requests with missing or invalid tokens. `deviceId` is used for audit logging. |
 
-### Backward compatibility
-
-The `version` field enables a clean migration path:
-
-1. **Existing clients** that do not set the `Auth` struct (or set `version=0`) continue to work with servers running in legacy mode.
-2. **New clients** set `version=1` and provide a valid `accessToken`.
-3. **The server** inspects `version` to decide which validation path to use. When the migration is complete, the server can reject `version=0` requests.
-
-This pattern avoids the need for a breaking schema change when authentication is introduced.
+Auth version `0` is no longer supported; clients must send `version=1` and a valid token.
 
 ---