feat: add delivery sequence numbers + major server/client refactor

Delivery sequence numbers (MLS epoch ordering fix):
- schemas/node.capnp: add Envelope{seq,data} struct; enqueue returns seq:UInt64;
  fetch/fetchWait return List(Envelope) instead of List(Data)
- storage.rs: Store trait enqueue returns u64; fetch/fetch_limited return
  Vec<(u64, Vec<u8>)>; FileBackedStore gains QueueMapV3 with per-inbox seq
  counters and V2→V3 on-disk migration
- migrations/002_add_seq.sql: seq column, delivery_seq_counters table, index
- sql_store.rs: atomic UPSERT counter via RETURNING, ORDER BY seq, SCHEMA_VERSION→3
- node_service/delivery.rs: builds Envelope list; returns seq from enqueue
- client/rpc.rs: enqueue→u64, fetch_all/fetch_wait→Vec<(u64,Vec<u8>)>
- client/commands.rs: sort-by-seq before MLS processing; retry loop in cmd_recv
  and receive_pending_plaintexts for correct epoch ordering

Server refactor:
- Split monolithic main.rs into node_service/{mod,delivery,auth_ops,key_ops,p2p_ops}
- Add auth.rs (token validation, rate limiting), config.rs, metrics.rs, tls.rs
- Add SQL migrations runner (001_initial.sql, 002_add_seq.sql)
- OPAQUE PAKE login/registration, sealed-sender mode, queue depth limit (1000)

Client refactor:
- Split lib.rs into client/{commands,rpc,state,retry,hex,mod}
- Add cmd_whoami, cmd_health, cmd_check_key, cmd_ping subcommands
- Add cmd_register_user, cmd_login (OPAQUE), cmd_refresh_keypackage
- Hybrid PQ envelope (X25519 + ML-KEM-768) on all send/recv paths
- E2E test suite expanded

Other:
- quicnprotochat-gui: Tauri 2 desktop GUI skeleton (backend + HTML UI)
- quicnprotochat-p2p: iroh-based P2P transport stub
- quicnprotochat-core: app_message, hybrid_crypto modules; GroupMember API updates
- .github/workflows/size-lint.yml: binary size regression check
- docs: protocol comparison, roadmap updates, fully-operational checklist

docs/src/roadmap/milestones.md

@@ -14,10 +14,10 @@ for what that means in practice.
 | M1 | QUIC/TLS Transport | **Complete** | QUIC + TLS 1.3 endpoint, length-prefixed framing, Ping/Pong |
 | M2 | Authentication Service | **Complete** | Ed25519 identity, KeyPackage generation, AS upload/fetch |
 | M3 | Delivery Service + MLS Groups | **Complete** | DS relay, GroupMember create/join/add/send/recv |
-| M4 | Group CLI Subcommands | **Next** | Persistent CLI (create-group, invite, join, send, recv); `demo-group` already available |
-| M5 | Multi-party Groups | Planned | N > 2 members, Commit fan-out, Proposal handling |
-| M6 | Persistence | Planned | SQLite key store, durable group state |
-| M7 | Post-quantum | Planned | PQ hybrid for MLS/HPKE (X25519 + ML-KEM-768) |
+| M4 | Group CLI Subcommands | **Complete** | Persistent CLI (create-group, invite, join, send, recv), OPAQUE login |
+| M5 | Multi-party Groups | **Complete** | N > 2 members, Commit fan-out, send --all, epoch sync |
+| M6 | Persistence | **Complete** | SQLite/SQLCipher, migrations, durable server + client state |
+| M7 | Post-quantum | **Next** | PQ hybrid for MLS/HPKE (X25519 + ML-KEM-768) |
 
 ---
 
@@ -103,63 +103,45 @@ group\_id lifecycle, MLS integration.
 
 ---
 
-## M4 -- Group CLI Subcommands (Next)
+## M4 -- Group CLI Subcommands (Complete)
 
 **Goal:** Persistent, composable CLI subcommands for group operations, replacing
 the monolithic `demo-group` proof-of-concept.
 
-**Planned deliverables:**
-
-- `create-group` -- creates a new MLS group, stores state locally
-- `invite <identity>` -- adds a member by fetching their KeyPackage from the AS
-- `join` -- processes a Welcome message and joins an existing group
-- `send <message>` -- encrypts and enqueues an application message
-- `recv` -- fetches and decrypts pending messages (or long-polls with `fetchWait`)
-
-The `demo-group` subcommand remains available as a single-command demonstration
-of the full flow.
+**Deliverables:** `create-group`, `invite`, `join`, `send`, `recv`, `chat`;
+OPAQUE `register-user` and `login`; `demo-group` remains for single-command demo.
 
 ---
 
-## M5 -- Multi-party Groups (Planned)
+## M5 -- Multi-party Groups (Complete)
 
 **Goal:** Support groups with N > 2 members, including Commit fan-out and
-Proposal handling.
+epoch synchronisation.
 
-**Planned deliverables:**
-
-- Commit fan-out through the DS to all group members
-- Proposal handling (Add, Remove, Update)
-- Epoch synchronisation across N members
-- Criterion benchmarks: key generation, encap/decap, group-add latency
-  (10/100/1000 members)
+**Deliverables:** Commit fan-out to existing members on invite; `send --all`;
+`cmd_join` processes all queued payloads (Welcome + Commits); three-party E2E
+passing. Proposal handling (Remove, Update) and Criterion benchmarks are
+optional follow-ups.
 
 ---
 
-## M6 -- Persistence (Planned)
+## M6 -- Persistence (Complete)
 
 **Goal:** Server survives restart. Client state persists across sessions.
 
-**Planned deliverables:**
-
-- `quicnprotochat-server`: SQLite via `sqlx` for AS key store and DS message log,
-  `migrations/` directory
-- `docker/Dockerfile`: multi-stage build (`rust:bookworm` builder, `debian:bookworm-slim` runtime)
-- `docker-compose.yml`: server + SQLite volume, healthcheck
-- Client reconnect with session resume (re-handshake + rejoin group epoch from
-  DS log)
-
+**Deliverables:** SQLite/SQLCipher via rusqlite, `migrations/` directory and
+migration runner; client state file and DiskKeyStore (encrypted QPCE optional).
 See [Future Research: SQLCipher](future-research.md#storage--persistence) for
 encrypted-at-rest options.
 
 ---
 
-## M7 -- Post-quantum (Planned)
+## M7 -- Post-quantum (Next)
 
 **Goal:** Replace the MLS crypto backend with a hybrid X25519 + ML-KEM-768 KEM,
 providing post-quantum confidentiality for all group key material.
 
-**Planned deliverables:**
+**Deliverables:**
 
 - Custom `OpenMlsCryptoProvider` with hybrid KEM in `quicnprotochat-core`
 - Hybrid shared secret derivation: