Reject unknown VDS algorithm_ids, prevent hash registry overwrite
- Missing vds (395) in receipt protected header → Error
- Unknown algorithm_id in verification → Error
- register_hash raises Invalid_argument on duplicate ID
- 4 attacker tests for MST backend
- Linter-promoted formatting changes