feat: Sprint 7 — Go SDK with QUIC transport and Cap'n Proto RPC

First non-Rust client SDK for quicproquo ecosystem.

- Cap'n Proto codegen: generated 6487-line Go types from node.capnp
  with all 24 RPC methods (NodeService, Auth, Envelope)
- QUIC transport: quic-go + TLS 1.3, ALPN "capnp", single bidi stream,
  300s idle timeout, InsecureSkipVerify for dev, custom CA cert support
- High-level qpq package: Connect, Health, ResolveUser, CreateChannel,
  Send/SendWithTTL, Receive/ReceiveWait, DeleteAccount, OPAQUE wrappers
- Auth management: session token storage, version/token/deviceID on all RPCs
- Example program and README with API reference

All tests pass: go test ./..., go vet, go build

sdks/go/qpq/client_test.go

@@ -0,0 +1,58 @@
+package qpq
+
+import (
+	"testing"
+)
+
+func TestSetSessionToken(t *testing.T) {
+	c := &Client{}
+	token := []byte("test-session-token-abc123")
+
+	c.SetSessionToken(token)
+
+	if string(c.token) != string(token) {
+		t.Errorf("expected token %q, got %q", token, c.token)
+	}
+}
+
+func TestSetDeviceID(t *testing.T) {
+	c := &Client{}
+	id := []byte{0x01, 0x02, 0x03, 0x04}
+
+	c.SetDeviceID(id)
+
+	if len(c.deviceID) != 4 {
+		t.Fatalf("expected 4-byte device ID, got %d bytes", len(c.deviceID))
+	}
+	for i, b := range id {
+		if c.deviceID[i] != b {
+			t.Errorf("deviceID[%d]: expected %d, got %d", i, b, c.deviceID[i])
+		}
+	}
+}
+
+func TestMessageStruct(t *testing.T) {
+	m := Message{Seq: 42, Data: []byte("hello")}
+	if m.Seq != 42 {
+		t.Errorf("expected Seq 42, got %d", m.Seq)
+	}
+	if string(m.Data) != "hello" {
+		t.Errorf("expected Data %q, got %q", "hello", m.Data)
+	}
+}
+
+func TestOptionsDefaults(t *testing.T) {
+	opts := Options{
+		Addr:               "127.0.0.1:5001",
+		InsecureSkipVerify: true,
+	}
+	if opts.Addr != "127.0.0.1:5001" {
+		t.Errorf("unexpected addr: %s", opts.Addr)
+	}
+	if !opts.InsecureSkipVerify {
+		t.Error("expected InsecureSkipVerify to be true")
+	}
+	if opts.CACertPath != "" {
+		t.Error("expected empty CACertPath")
+	}
+}