DM channels (createChannel), channel authz, security/docs, future improvements

- Add createChannel RPC (node.capnp @18): create 1:1 channel, returns 16-byte channelId
- Store: create_channel(member_a, member_b), get_channel_members(channel_id)
- FileBackedStore: channels.bin; SqlStore: migration 003_channels, schema v4
- channel_ops: handle_create_channel (auth + identity, peerKey 32 bytes)
- Delivery authz: when channel_id.len() == 16, require caller and recipient are channel members (E022/E023)
- Error codes E022 CHANNEL_ACCESS_DENIED, E023 CHANNEL_NOT_FOUND
- SUMMARY: link Certificate lifecycle; security audit, future improvements, multi-agent plan docs
- Certificate lifecycle doc, SECURITY-AUDIT, FUTURE-IMPROVEMENTS, MULTI-AGENT-WORK-PLAN
- Client/core/tls/auth/server main: assorted fixes and updates from review and audit

Co-authored-by: Cursor <cursoragent@cursor.com>

README.md

@@ -51,6 +51,7 @@ mdbook serve docs
 - **[Wire Format Reference](docs/src/wire-format/overview.md)** — Annotated Cap'n Proto schemas
 - **[Getting Started](docs/src/getting-started/prerequisites.md)** — Build, run, demo walkthrough
 - **[Roadmap](docs/src/roadmap/milestones.md)** — Milestones, production readiness, future research
+- **[Future Improvements](docs/FUTURE-IMPROVEMENTS.md)** — Prioritised list of security, ops, reliability, and feature improvements
 
 ---
 
@@ -72,6 +73,9 @@ cargo test --workspace
 cargo run -p quicnprotochat-server
 
 # Or via a config file (TOML)
+# Note: auth_token = "devtoken" and db_key = "" are for development only.
+# Production: set QUICNPROTOCHAT_AUTH_TOKEN to a strong secret and (when store_backend = "sql")
+# set QUICNPROTOCHAT_DB_KEY so the database is encrypted. Empty db_key = plaintext DB (insecure).
 cat > quicnprotochat-server.toml <<'EOF'
 listen = "0.0.0.0:7000"
 data_dir = "data"
@@ -112,11 +116,26 @@ See the [full demo walkthrough](docs/src/getting-started/demo-walkthrough.md) fo
 
 ---
 
+## Building without the GUI
+
+To build only the server and CLI client (faster, no Tauri/WebKit):
+
+```bash
+cargo build -p quicnprotochat-server -p quicnprotochat-client
+```
+
+Core and proto crates are built as dependencies. Omit `quicnprotochat-gui` and `quicnprotochat-p2p` if you don't need them.
+
+---
+
 ## Security notes
 
-This is a **proof-of-concept research project**. It has not been audited.
-See the [threat model](docs/src/cryptography/threat-model.md) for a detailed
-analysis of what is and isn't protected.
+This is a **proof-of-concept research project**. It has not undergone a formal third-party audit. See the [threat model](docs/src/cryptography/threat-model.md) for what is and isn't protected, and the [security audit](docs/SECURITY-AUDIT.md) for an internal review of authentication, crypto, transport, and authorization.
+
+- **Dependency checks:** Run `cargo install cargo-audit && cargo audit` to check for known vulnerabilities.
+- **Certificate pinning:** Use the server's certificate as `--ca-cert` (e.g. copy `server-cert.der` from the server) so the client only trusts that server; see [Certificate pinning](docs/SECURITY-AUDIT.md#certificate-pinning) in the security audit.
+
+**Production deployment:** Set `QUICNPROTOCHAT_PRODUCTION=1` and provide a strong `QUICNPROTOCHAT_AUTH_TOKEN` (not `devtoken`). When using `store_backend = "sql"`, set `QUICNPROTOCHAT_DB_KEY`; an empty key leaves the database unencrypted on disk.
 
 ---