feat: add in-flight RPC tracking, plugin shutdown hooks, and graceful drain

Replace the fixed 30s sleep-based shutdown drain with actual in-flight RPC
tracking using an Arc<AtomicUsize> counter and RAII InFlightGuard. On
SIGTERM/SIGINT the server now:

1. Stops accepting new client and federation connections
2. Sends QUIC CONNECTION_CLOSE with reason "server shutting down"
3. Polls the in-flight counter until it reaches 0 (or drain timeout)
4. Logs drain progress as RPCs complete
5. Calls plugin on_shutdown hooks before exit

Also adds:
- on_shutdown hook to HookVTable (C-ABI plugin API) and ServerHooks trait
- server_in_flight_rpcs Prometheus gauge metric
- Federation connection tracking via shared in-flight counter

crates/quicprochat-server/src/plugin_loader.rs

@@ -71,6 +71,7 @@ impl PluginHooks {
             on_user_registered: None,
             error_message: None,
             destroy: None,
+            on_shutdown: None,
         };
 
         // Safety: the symbol must have the exact signature declared in the API crate.
@@ -242,6 +243,14 @@ impl ServerHooks for PluginHooks {
             )
         };
     }
+
+    fn on_shutdown(&self) {
+        let f = match self.vtable.on_shutdown {
+            Some(f) => f,
+            None => return,
+        };
+        unsafe { f(self.vtable.user_data) };
+    }
 }
 
 // ── ChainedHooks ─────────────────────────────────────────────────────────────
@@ -300,6 +309,12 @@ impl ServerHooks for ChainedHooks {
             h.on_user_registered(username, identity_key);
         }
     }
+
+    fn on_shutdown(&self) {
+        for h in &self.hooks {
+            h.on_shutdown();
+        }
+    }
 }
 
 // ── load_plugins_from_dir ─────────────────────────────────────────────────────