WIP: add OPAQUE password-authenticated key exchange

Add opaque-ke (v4, ristretto255) for password-based registration and
login. Extend NodeService schema with opaqueRegisterStart/Finish and
opaqueLoginStart/Finish RPCs. Add Store trait methods for OPAQUE server
setup and user records. Initial e2e integration test scaffolding.

Note: FileBackedStore does not yet implement the new Store trait
methods — server compilation is temporarily broken.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

crates/quicnprotochat-client/Cargo.toml

@@ -26,6 +26,10 @@ serde         = { workspace = true }
 serde_json    = { workspace = true }
 bincode       = { workspace = true }
 
+# Crypto — OPAQUE PAKE
+opaque-ke     = { workspace = true }
+rand          = { workspace = true }
+
 # Error handling
 anyhow        = { workspace = true }
 thiserror     = { workspace = true }
@@ -44,5 +48,7 @@ tracing-subscriber = { workspace = true }
 clap          = { workspace = true }
 
 [dev-dependencies]
-# Integration tests use quicnprotochat-core, quicnprotochat-proto, and capnp-rpc directly.
 dashmap       = { workspace = true }
+assert_cmd    = "2"
+tempfile      = "3"
+portpicker    = "0.1"