feat(durable): payload AEAD cipher, AAD binding, max-payload fail-closed (#4945)

[bug-ops]

Implements #4945 (spec-064 C2) — the confidentiality and integrity boundary for journaled payloads in the durable execution layer. Part of epic #4707.

What

zeph-durable — crypto-free contract (INV-1):

• PayloadCipher seal/open trait + PayloadAad location binding (execution_id/step_id/entry_kind/idem_key) with a deterministic, injective, versioned canonical_bytes encoding fed to the AEAD associated-data channel.
• EntryKindTag discriminator; EntryKind::tag_enum/tag now delegate to it (single source of truth for the entry_kind column strings).
• CipherError (metadata-only, INV-5) + a fail-closed From<CipherError> for DurableError (Authentication → ReplayIntegrity, Malformed/UnknownKeyId → Decode).
• ensure_payload_within_limit read-side max_payload guard (INV-11): O(1), fail-closed before any decode, never panics.
• DurableConfig::encryption_gate enforces INV-8: AEAD may be disabled only for a single-user local backend (DisabledLocalWarn); shared-DB / Restate reject it with DurableError::EncryptionRequired.

zeph-core::durable — concrete implementation (lives outside zeph-durable to keep it crypto-dependency-free, INV-1):

• XChaCha20Poly1305Cipher: fresh 192-bit CSPRNG nonce per seal (INV-7), key_id || nonce(24) || ciphertext || tag(16) blob layout, a one-key rotation window (current + optional previous), and zeroized transient key material. Constructed from the vault ZEPH_DURABLE_KEY.

Acceptance criteria

• FR-DE-15 / INV-7 — fresh 24-byte nonce per seal; nonce || ct || tag layout; round-trip test.
• NFR-DE-06 — 10^6 seals produce 10^6 distinct nonces.
• AAD binding — cross-step / cross-execution open() fails with ReplayIntegrity (fail-closed); ciphertext tamper fails authentication.
• INV-11 / NFR-DE-05 — over-limit payload → PayloadTooLarge in O(1), no decode, no panic.
• INV-6 — op_fingerprint/payload/AAD carry no resolved secret material (API doc note).
• INV-8 — shared-DB / Restate reject encrypt_payload = false; single-user SQLite warns.
• chacha20poly1305 adds no cargo deny advisory (reuses the existing transitive 0.10.1); clippy -p zeph-durable clean.

Out of scope (later issues)

Wiring the cipher into actual journal writes (C3/C4), ZEPH_DURABLE_KEY vault resolution + startup INV-8 gate emission at the binary (C6/#4949), HMAC for control entries (C3).

Tests

• zeph-durable: 33 unit + 19 doc-tests.
• zeph-core::durable: 11 unit + 2 doc-tests (incl. the 10^6-nonce uniqueness test, ~11s, under the 30s slow-timeout with no terminate-after).

Verification

• cargo +nightly fmt --check — clean
• cargo clippy -p zeph-durable -p zeph-core --all-targets -- -D warnings — clean
• RUSTFLAGS="-D warnings" cargo check --workspace --all-targets --features desktop,ide,server,chat,pdf,scheduler --locked — clean
• RUSTDOCFLAGS="--deny rustdoc::broken_intra_doc_links" cargo doc --no-deps -p zeph-durable -p zeph-core — clean (the only remaining warning, BuildError::MissingProviders, pre-exists on main)
• cargo deny check advisories — only the pre-existing RUSTSEC-2025-0134 (rustls-pemfile, tracked in dep: rustls-pemfile 2.2.0 unmaintained (RUSTSEC-2025-0134) — migrate to rustls-pki-types #3772); chacha20poly1305 introduces none.

Docs

• New security reference page Durable Journal Encryption (book/src/reference/security/durable-encryption.md) documenting the cipher, the ZEPH_DURABLE_KEY vault key, the INV-8 requirement, and the key-rotation policy.
• CHANGELOG.md [Unreleased] updated.

Closes #4945