feat: add in-flight RPC tracking, plugin shutdown hooks, and graceful drain

Replace the fixed 30s sleep-based shutdown drain with actual in-flight RPC
tracking using an Arc<AtomicUsize> counter and RAII InFlightGuard. On
SIGTERM/SIGINT the server now:

1. Stops accepting new client and federation connections
2. Sends QUIC CONNECTION_CLOSE with reason "server shutting down"
3. Polls the in-flight counter until it reaches 0 (or drain timeout)
4. Logs drain progress as RPCs complete
5. Calls plugin on_shutdown hooks before exit

Also adds:
- on_shutdown hook to HookVTable (C-ABI plugin API) and ServerHooks trait
- server_in_flight_rpcs Prometheus gauge metric
- Federation connection tracking via shared in-flight counter

crates/quicprochat-server/src/hooks.rs

@@ -128,6 +128,12 @@ pub trait ServerHooks: Send + Sync {
     fn on_user_registered(&self, _username: &str, _identity_key: &[u8]) {
         // Default: no-op
     }
+
+    /// Called when the server is shutting down, before connections are closed.
+    /// Plugins can flush buffers, close external connections, or perform cleanup.
+    fn on_shutdown(&self) {
+        // Default: no-op
+    }
 }
 
 /// No-op hook implementation (default).
@@ -190,6 +196,10 @@ impl ServerHooks for TracingHooks {
     fn on_user_registered(&self, username: &str, _identity_key: &[u8]) {
         tracing::info!(username = %username, "hook: user registered");
     }
+
+    fn on_shutdown(&self) {
+        tracing::info!("hook: server shutting down");
+    }
 }
 
 fn hex_prefix(bytes: &[u8]) -> String {