Remove Noise protocol references from wiki docs and tests

Delete 8 Noise-specific documentation pages (noise-xx.md,
transport-keys.md, adr-001/003/006, framing-codec.md) and update
~30 remaining wiki pages to reflect QUIC+TLS as the sole transport.
Remove obsolete Noise-based integration tests (auth_service.rs,
mls_group.rs). Code-side Noise removal was done in f334ed3.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docs/src/appendix/glossary.md

@@ -8,8 +8,7 @@ relevant specification or documentation page.
 
 **AEAD** -- Authenticated Encryption with Associated Data. A symmetric encryption
 scheme that provides both confidentiality and integrity. quicnprotochat uses
-AES-128-GCM (in the MLS ciphersuite) and ChaCha20-Poly1305 (in the Noise
-transport). See [Cryptography Overview](../cryptography/overview.md).
+AES-128-GCM (in the MLS ciphersuite). See [Cryptography Overview](../cryptography/overview.md).
 
 **ALPN** -- Application-Layer Protocol Negotiation. A TLS extension that allows
 the client and server to agree on an application protocol during the TLS
@@ -90,12 +89,6 @@ in RFC 9420. MLS provides forward secrecy and post-compromise security for
 groups of any size through an efficient tree-based key schedule.
 See [MLS (RFC 9420)](../protocol-layers/mls.md).
 
-**Noise\_XX** -- A Noise Protocol Framework handshake pattern providing mutual
-authentication. Both parties transmit their static public keys during the
-handshake (encrypted after the first round-trip). The M1 transport stack uses
-Noise\_XX over TCP; the M3+ stack uses QUIC + TLS 1.3 as the primary transport.
-See [Noise\_XX Handshake](../protocol-layers/noise-xx.md).
-
 **PCS** -- Post-Compromise Security. The property that a protocol recovers
 security after a member's state is compromised. In MLS, once a compromised
 member sends an Update or Commit, subsequent epochs are secure again (assuming
@@ -130,10 +123,10 @@ epoch secrets) encrypted under the new member's HPKE init key from their
 KeyPackage. See [MLS (RFC 9420)](../protocol-layers/mls.md).
 
 **X25519** -- Elliptic curve Diffie-Hellman key exchange on Curve25519 (using
-the Montgomery form). Used for the Noise\_XX handshake (transport
-authentication) and as the classical component of DHKEM in MLS.
+the Montgomery form). Used as the classical component of DHKEM in MLS HPKE
+and in the hybrid KEM (X25519 + ML-KEM-768).
 quicnprotochat uses the `x25519-dalek` crate.
-See [X25519 Transport Keys](../cryptography/transport-keys.md).
+See [Cryptography Overview](../cryptography/overview.md).
 
 **Zeroize** -- The practice of securely clearing sensitive data (private keys,
 shared secrets) from memory when it is no longer needed. quicnprotochat uses the

docs/src/appendix/references.md

@@ -16,7 +16,6 @@ category.
 | [RFC 8446 -- The Transport Layer Security (TLS) Protocol Version 1.3](https://datatracker.ietf.org/doc/rfc8446/) | The TLS version used exclusively by quicnprotochat (no TLS 1.2 fallback). Provides the handshake, key schedule, and record layer for QUIC transport security. |
 | [RFC 9180 -- Hybrid Public Key Encryption (HPKE)](https://datatracker.ietf.org/doc/rfc9180/) | The public-key encryption scheme used internally by MLS for encrypting to KeyPackage init keys. quicnprotochat's MLS ciphersuite uses DHKEM(X25519, HKDF-SHA256) with AES-128-GCM. |
 | [NIST FIPS 203 -- Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM)](https://csrc.nist.gov/pubs/fips/203/final) | The post-quantum KEM standard. quicnprotochat plans to use ML-KEM-768 in a hybrid construction with X25519 at milestone M7. See [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md). |
-| [Noise Protocol Framework](https://noiseprotocol.org/noise.html) | The framework defining the Noise\_XX handshake pattern used in quicnprotochat's M1 transport stack. Provides mutual authentication and channel encryption. See [Noise\_XX Handshake](../protocol-layers/noise-xx.md). |
 | [Cap'n Proto specification](https://capnproto.org/) | The zero-copy serialisation format and RPC system used for all quicnprotochat wire messages and service interfaces. See [Cap'n Proto Serialisation and RPC](../protocol-layers/capn-proto.md). |
 | [draft-ietf-tls-hybrid-design -- Hybrid Key Exchange in TLS 1.3](https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/) | The combiner approach used by quicnprotochat's hybrid KEM construction (X25519 shared secret concatenated with ML-KEM-768 shared secret, fed through HKDF). See [Hybrid KEM](../protocol-layers/hybrid-kem.md). |
 | [RFC 9497 -- OPAQUE](https://datatracker.ietf.org/doc/rfc9497/) | Asymmetric password-authenticated key exchange. Considered for future authentication (see [Future Research](../roadmap/future-research.md)). |
@@ -31,13 +30,12 @@ category.
 | `openmls_rust_crypto` | [docs.rs/openmls_rust_crypto](https://docs.rs/openmls_rust_crypto/) | Pure-Rust cryptographic backend for openmls. Provides the `OpenMlsRustCrypto` provider used by `GroupMember`. |
 | `quinn` | [docs.rs/quinn](https://docs.rs/quinn/) | QUIC transport implementation. Provides the `Endpoint`, `Connection`, and stream types for client and server. See [QUIC + TLS 1.3](../protocol-layers/quic-tls.md). |
 | `rustls` | [docs.rs/rustls](https://docs.rs/rustls/) | TLS 1.3 implementation used by `quinn`. Configured with `TLS13` cipher suites only and custom certificate verification. |
-| `snow` | [docs.rs/snow](https://docs.rs/snow/) | Noise Protocol Framework implementation. Provides the Noise\_XX handshake for the M1 transport stack. See [Noise\_XX Handshake](../protocol-layers/noise-xx.md). |
 | `capnp` | [docs.rs/capnp](https://docs.rs/capnp/) | Cap'n Proto serialisation library. Used for building and reading all wire messages. |
 | `capnp-rpc` | [docs.rs/capnp-rpc](https://docs.rs/capnp-rpc/) | Cap'n Proto RPC framework. Provides the async RPC system for `NodeService`. Runs inside the QUIC encrypted channel. |
 | `capnpc` | [docs.rs/capnpc](https://docs.rs/capnpc/) | Cap'n Proto compiler invoked at build time (`build.rs`) to generate Rust types from `.capnp` schemas. |
 | `ml-kem` | [docs.rs/ml-kem](https://docs.rs/ml-kem/) | ML-KEM (NIST FIPS 203) implementation. Vendored in the workspace for the planned hybrid post-quantum KEM (M7). |
 | `ed25519-dalek` | [docs.rs/ed25519-dalek](https://docs.rs/ed25519-dalek/) | Ed25519 signing and verification. Used for MLS identity credentials (`BasicCredential`). See [Ed25519 Identity Keys](../cryptography/identity-keys.md). |
-| `x25519-dalek` | [docs.rs/x25519-dalek](https://docs.rs/x25519-dalek/) | X25519 Diffie-Hellman key exchange. Used for Noise\_XX transport authentication. See [X25519 Transport Keys](../cryptography/transport-keys.md). |
+| `x25519-dalek` | [docs.rs/x25519-dalek](https://docs.rs/x25519-dalek/) | X25519 Diffie-Hellman key exchange. Used in hybrid KEM (X25519 + ML-KEM-768) and as the classical component of DHKEM in MLS HPKE. See [Hybrid KEM](../protocol-layers/hybrid-kem.md). |
 | `zeroize` | [docs.rs/zeroize](https://docs.rs/zeroize/) | Secure memory zeroisation. All private key types implement `Zeroize + ZeroizeOnDrop`. See [Key Lifecycle and Zeroization](../cryptography/key-lifecycle.md). |
 | `tokio` | [docs.rs/tokio](https://docs.rs/tokio/) | Async runtime. All server and client I/O runs on Tokio. |
 | `clap` | [docs.rs/clap](https://docs.rs/clap/) | CLI argument parser for the client binary. |
@@ -91,15 +89,6 @@ The predecessor to ML-KEM (NIST FIPS 203). CRYSTALS-Kyber was selected by NIST
 and standardised as ML-KEM. quicnprotochat uses the `ml-kem` crate which
 implements the final FIPS 203 standard.
 
-### Noise Protocol
-
-**"The Noise Protocol Framework"**
-Trevor Perrin.
-[noiseprotocol.org/noise.html](https://noiseprotocol.org/noise.html)
-
-The specification for the Noise protocol framework, including the XX handshake
-pattern used in quicnprotochat's M1 transport stack.
-
 ### Metadata Resistance
 
 **"Sealed Sender"**