feat: add in-flight RPC tracking, plugin shutdown hooks, and graceful drain

Replace the fixed 30s sleep-based shutdown drain with actual in-flight RPC
tracking using an Arc<AtomicUsize> counter and RAII InFlightGuard. On
SIGTERM/SIGINT the server now:

1. Stops accepting new client and federation connections
2. Sends QUIC CONNECTION_CLOSE with reason "server shutting down"
3. Polls the in-flight counter until it reaches 0 (or drain timeout)
4. Logs drain progress as RPCs complete
5. Calls plugin on_shutdown hooks before exit

Also adds:
- on_shutdown hook to HookVTable (C-ABI plugin API) and ServerHooks trait
- server_in_flight_rpcs Prometheus gauge metric
- Federation connection tracking via shared in-flight counter

crates/quicprochat-plugin-api/src/lib.rs

@@ -180,6 +180,11 @@ pub struct HookVTable {
     /// Called by the server when it is done with this plugin (shutdown).
     /// Release resources / join threads here. May be null.
     pub destroy: Option<unsafe extern "C" fn(user_data: *mut core::ffi::c_void)>,
+
+    /// Called when the server is shutting down, before connections are closed.
+    /// Plugins can use this to flush buffers, close external connections, etc.
+    /// May be null (server treats it as a no-op).
+    pub on_shutdown: Option<unsafe extern "C" fn(user_data: *mut core::ffi::c_void)>,
 }
 
 // SAFETY: `HookVTable` contains raw pointers (`user_data`, function pointers)