feat: add E2E encryption module to meshservice

X25519 key agreement + HKDF-SHA256 + ChaCha20-Poly1305 AEAD for
opt-in payload encryption. Each message uses a fresh ephemeral key
for forward secrecy. 11 new tests cover roundtrip, wrong-key
rejection, tampering, wire format integration, and edge cases.

Cargo.lock

@@ -3207,8 +3207,10 @@ name = "meshservice"
 version = "0.1.0"
 dependencies = [
  "anyhow",
+ "chacha20poly1305",
  "ciborium",
  "ed25519-dalek 2.2.0",
+ "hkdf",
  "rand 0.8.5",
  "serde",
  "sha2 0.10.9",